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Foreword 



rd , 



This Technical Specification has been produced by the 3 Generation Partnership Project (3GPP). 

The contents of the present document are subject to continuing work within the TSG and may change following formal 
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an 
identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

X the first digit: 

1 presented to TSG for information; 

2 presented to TSG for approval; 

3 or greater indicates TSG approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 
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Scope 



The present document provides the stage 3 specification of the Go interface. The functional requirements and the 
stage 2 specifications of the Go interface are contained in 3GPP TS 23.002 [2] and 3GPP TS 23.207 [3]. The Go 
interface is the interface between the GGSN and the PoHcy Decision Function (PDF). 

The present document defines: 

the protocol to be used between PDF and GGSN over the Go interface; 

the signalling interactions to be performed between PDF and GGSN over the Go interface; 

the information to be exchanged between PDF and GGSN over the Go interface. 
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[9] IETF RFC 3159: "Structure of Pohcy Provisioning Information (SPPI)". 
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[II] IETF RFC 3520: "Session Authorization Policy Element". 

[12] 3GPP TS 24.008: "Mobile radio interface Layer 3 specification; Core network protocols; Stage 3". 

[13] 3GPP TS 27.060: "Packet domain; Mobile Station (MS) supporting Packet Switched services". 

[14] 3GPP TS 24.229: "IP Multimedia Call Control Protocol based on SIP and SDP; Stage 3". 

[15] IETF RFC 3318: "Framework Pohcy Information Base". 

[16] IETF RFC 3289: "Management Information Base for the Differentiated Services Architecture" 

[17] IETF RFC 2327: "SDP: Session Description Protocol". 

[18] 3GPP TS 29.208: "End-to-end Quahty of Service (QoS) signalhng flows". 
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[19] IETF RFC 3291: "Textual Conventions for Internet Network Addresses". 

[20] 3GPP TS 29.060: "General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) 

across the Gn and Gp interface". 

[21] 3GPP TS 32.225: "Telecommunication management; Charging management; Charging data 

description for the IP Multimedia Subsystem (IMS)". 

[22] IETF RFC 3313: "Private Session Initiation Protocol (SIP) Extensions for Media Authorization" 



3 Definitions and abbreviations 

3.1 Definitions 

For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following 
apply: 

Authorization Token: consist of the IMS session identifier and the PDF identifier. It is used for authorizing the QoS 
for the media stream(s). The UE shall include an authorization token in order to obtain QoS authorization for the IMS 
session. The UE obtains this authorization token via SIP from the P-CSCF by means of an extension SIP header 
described in RFC 3313 [22]. The P-CSCF communicates with the PDF in order to obtain a suitable authorization token 
for the UE. 

Client Handle: an object in the COPS messages used as a unique number to correlate all the COPS messages with the 
same dialogue. Over the Go interface the Client Handle is used to correlate COPS messages with respect to the same 
PDP Context. For the exact definition see RFC 2748 [7] and RFC 3084 [8]. 

Common Open Policy Service (COPS) protocol: is a simple query and response protocol that can be used to 
exchange policy information between a policy server (Policy Decision Point) and its clients (Policy Enforcement 
Points) 

Flow identifier: used for the identification of an IP flow within a media component associated with a SIP session 

EXAMPLE: A single, unidirectional media component may contain one IP flow, or two IP flows in the case of 
an RTP media stream. In case of a bi-directional flow, the same flow identifier is used for both 
directions. A flow identifier consists of two parts: 1) Media component number defined in 
increasing order according to the sequence of the "m=" lines in the SDP (RFC 2327 [17]), session 
description and 2) IP flow number defined in the order of increasing port numbers within each 
media component, see annex C. 

Go Interface: interface between PDF and GGSN (3GPP TS 23.002 [2]) 

GPRS Charging ID (GCID): the Charging Id generated by the GGSN as defined in 3GPP TS 29.060 [20]. 

IP Bearer Service Manager: uses standard IP mechanisms to manage the IP Bearer Service. It resides in the GGSN 
and optionally in the UE 

Media component: is a part of an SDP session description conveying information about one media stream (e.g. type, 
format, IP address, port, transport protocol, bandwidth, direction) 

The media stream described by a media component can be either bi- or unidirectional. A media stream containing an 
RTP flow may also contain an associated RTCP flow. An SDP session description can consist of more than one media 
component. A media component shall not be deleted nor its position changed within the SDP session description. A 
media component line where the port number has previously been set to may be reused for a new media component. 

Policy Decision Function (PDF): is a logical policy decision element that uses standard IP mechanisms to implement 
policy in the IP media layer 

The PDF makes decisions in regard to network based IP policy using policy rules, and communicates these decisions to 
the PEP in the GGSN. 
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Proxy Call Session Control Function (P-CSCF): is a network element providing session management services 
(e.g. telephony call control) 

Policy Enforcement Point (PEP): is a logical entity that enforces policy decisions made by the PDF. It resides in the 
IP BS Manager of the GGSN 

Policy Information Base (PIB): is a set of policy data carried by COPS-PR 

The protocol assumes a named data structure, known as a Policy Information Base (PIB), to identify the type and 

purpose of solicited and unsolicited policy information that is sent from the Policy Decision Point to the Policy 

Enforcement Point for provisioning policy or sent from the Policy Enforcement Point to the Policy Decision Point as a 

notification. 

Provisioning Instance Identifier (PRID): uniquely identifies an instance of a PRC 

QoS class: identifies a bearer service (which is associated with a set of bearer service characteristics) 

Translation/mapping function: provides the inter-working between the mechanisms and parameters used within the 
UMTS Bearer Service and those used within the IP Bearer Service 

UMTS Bearer Service Manager: handles resource reservation requests from the UE. It resides in the GGSN and the 
UE 

3.2 Abbreviations 

For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply: 

COPS Common Open Policy Service protocol 

COPS-PR COPS for policy PRovisioning 

DEC COPS DECision message 

DRQ COPS Delete ReQuest state message 

GCID GPRS Charging IDentifier 

ICID IM CN Subsystem Charging IDentifier 

IMS IP Multimedia core network Subsystem 

MIB Management Information Base 

P-CSCF Proxy Call Session Control Function 

PDF Policy Decision Function 

PEP Policy Enforcement Point 

PIB Policy Information Base 

PRC PRovisioning Class (a type of policy data) 

PRI PRovisioning Instance (an instance of a PRC) 

PRID PRovisioning Instance IDentifier 

QoS Quality of Service 

REQ COPS REQuest message 

RPT COPS RePorT state message 

RTCP RTP Control Protocol 

SBLP Service Based Local Policy 

SDP Session Description Protocol 



Go interface 



4.1 



Overview 



The Go interface allows service-based local policy information to be "pushed" to or requested by the Policy 
Enforcement Point (PEP) in the GGSN from a Policy Decision Function (PDF). As defined in the stage 2 specifications 
3GPP TS 23.207 [3], this information is used by the GGSN for: 

GPRS bearer authorisation; 

- Charging correlation; 
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Policy based "gating" function in GGSN; 

The Go interface uses IP flow based policies. 

The Common Open Policy Service (COPS) protocol has been developed as a protocol for use between a policy server 
and a network device, as described in RFC 2748 [7]. 

In addition, COPS for Provisioning extensions have been developed as described in RFC 3084 [8] with RFC 3159 [9] 
describing a structure for specifying policy information that can then be transmitted to a network device for the purpose 
of configuring policy at that device. The model underlying this structure is one of well-defined provisioning classes and 
instances of these classes residing in a virtual information store called the Policy Information Base (PIB). 

The Go interface shall conform to the IETF COPS (RFC 2748 [7]) and the extensions of COPS-PR (RFC 3084 [8]). For 
the purpose of exchanging the required specific Go information, a 3GPP Go COPS-PR Policy Information Base (PIB) is 
defined in the present document. 

COPS Usage for Policy Provisioning (COPS-PR) is independent of the type of policy being provisioned (QoS, Security, 
etc.). In the present document, COPS-PR is used to communicate service-based local policy information between PDF 
and GGSN. COPS-PR can be extended to provide per-flow policy control along with a 3GPP Go Policy Information 
Base (PIB). The 3GPP Go PIB may inherit part of the data object definitions from other PIBs and MIBs defined in the 
IETF. 

Signalling flows related to the Go interface are specified in 3GPP TS 29.208 [18]. 

The minimum functionalities that the Go interface shall cover are introduced below. 

1 . Media Authorisation request from GGSN: 

The GGSN receives the binding information during the activation of a (Secondary) PDP context or during the 
modification of an existing PDP context that has been previously authorized by the PDF. To authorise the 
PDP context activation, the GGSN shall send a media authorisation request to the PDF. To authorise the PDP 
context modification, the GGSN shall send a media authorisation request to the PDF when the requested QoS 
exceeds the authorised QoS or new binding information is received. 

This authorisation request shall include the following information: 

Binding information: 

The binding information is used by the GGSN to identify the correct PDF and subsequently request 
service-based local policy information from the PDF. The GGSN may receive one or more sets of the 
binding information during an activation or modification of a PDP context. Each binding information 
consists of: 

One Authorisation token; 

One or more Flow identifiers within the session. 

It is assumed that only one set of binding information is carried within a PDP context in this Release. 

2. Media authorisation decision from PDF: 

The media authorisation information sent by the PDF to the GGSN, contains at a minimum the following 
information: 

Decision on the binding information. 

The PDF shall respond with an authorisation decision for the binding information. The authorisation decision 
shall identify that the binding information is validated with an ongoing SIP session. Additionally, the PDF shall 
verify if the multiple media components are correctly assigned to the PDP Context. If validated, the PDF shall 
also communicate the following media authorisation details to the GGSN: 

- "Authorised QoS". 

This information is used by the GGSN to authorise the media resources according to the service-based 
local policy and the requested bearer QoS. 
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The "Authorised QoS" for media components signalled over the Go interface is based on the SDP 
requirements signalled and agreed previously within SIP signalling for this session. 

The "Authorised QoS" specifies the maximum QoS that is authorised for a PDF context for that specific 
binding information. In case of an aggregation of multiple media components within one PDF context, the 
combination of the "Authorised QoS" information of the individual media components is provided as the 
"Authorised QoS" for the bearer. 

The "Authorised QoS" contains the following information: 

QoS class: 

The QoS class information represents the highest class that can be used for the media component. It is 
derived from the SDF media description. The QoS class within the "Authorized QoS" information for 
the bearer is determined from the QoS class values of the individual media components identified in 
the binding information. 

Data rate: 

The Data rate information is derived from the SDP bandwidth parameter. The Data rate shall include 
all the overhead coming from the IP-layer and the layers above, e.g. UDP and RTP. If RTP is used, 
then overhead coming from RTCP shall be added by the PDF. If multiple codecs are agreed to be used 
in a session, the authorized data rate is set according to the codec requiring the highest bandwidth, 
meaning that terminals may under use the authorized data rate when choosing to use another agreed 
codec. The Data rate within the "Authorized QoS" information for the bearer is determined from the 
data rate values of the individual media components identified in the binding information. 

Packet Classifier. 

The packet classifier for media components is based on the IP-address and port number information in the 
SDP and shall allow for all IP flows associated with the SDP media component description. 

3. Charging correlation: 

The PDF shall send the ICID (see 3GPP TS 24.229 [14]) provided by the P-CSCF as part of the authorisation 
decision. The GGSN shall send the GCID (see 3GPP TS 29.060 [20]) of the PDF Context and the GGSN address 
to the PDF as part of the authorisation report. 

4. Approval of QoS Commit / Removal of QoS Commit / Revoke Authorisation for GPRS and IF resources: 

The PDF controls media components and may revoke resources at any time. Approval of QoS Commit / 
Removal of QoS Commit / Revoke Authorisation for GPRS and IP resources is communicated by the PDF to the 
GGSN. 

5. Indication of PDF Context Release / Modification to/from kbit/s: 

The GGSN informs the PDF of bearer changes related to the authorised resources for the IMS session in the 
following cases: 

Loss of radio contact (modification to/from kbit/s for conversational and streaming class); 

Deactivation of PDF context. 

4.2 Go reference model 

The Go interface is defined between the PDF and the GGSN (3GPP TS 23.002 [2]). 

The PDF is a logical entity of the P-CSCF (if the PDF is implemented in a separate physical node, the interface between 
the PDF and P-CSCF is not standardised). 

The P-CSCF (PDF) is in the same PLMN as the GGSN. 

The relationships between the different functional entities involved are depicted in figure 4.2. 



£75/ 



3GPP TS 29.207 version 5.4.0 Release 5 



11 



ETSI TS 129 207 V5.4.0 (2003-06) 



UE 



SIPQient 



i 



IP BS Manager 

I 



TranslatiorVmapping 
function 



-f- 



UlvrTBBSIVbnager 



SP/SIP Signalling 



QGSN 



PEP 

(Policy EnfaoeiTEnt Point) 



IP BS Manager 

I 



Translation/mapping 
function 



X 



UMTS BS Manager 



Go 



P-CSCF 



PDF 

(Policy [Dedsicn Function) 



< — ► Signalling path 



NOTE: For clarity in the diagram, network elements that are not involved in service-based local policy are not 
presented here (e.g. radio network elements, SGSN, etc). 

Figure 4.2: Go interface architecture model 



4.3 Functional elements and capabilities 



4.3.1 



GGSN 



4.3.1.1 



Service-based local policy enforcement point 



The Policy Enforcement Point (PEP) is a logical entity which resides in the GGSN and communicates with the PDF 
regarding Service-based local policy (SBLP) control. Hereafter in the present document, the GGSN is assumed to 
contain the PEP implicitly unless otherwise stated. The GGSN sends requests to and receives decisions from the PDF. 
The GGSN may cache the policy decision data of the PDF decisions. This cached information may be used later for a 
local policy decision allowing the GGSN to make policy control decision about the QoS authorization for PDP context 
modifications without requiring additional interaction with the PDF in case the modification request does not exceed the 
previously authorized QoS. 

The following policy enforcement point functionalities for SBLP in the GGSN are identified: 

Policy based Authorisation: 

The GGSN requests authorisation information from PDF for the media components carried by a PDP context. 
The GGSN enforces the PDF decisions related to the media components carried by a PDP context. 

The GGSN shall enforce unsolicited authorisation decisions which update the QoS and packet classifiers. 

Additionally, policy-based authorisation ensures that the resources, which can be used by each particular 
media component, are within the "Authorised QoS" specified by the PDF. This information is mapped by the 
Translation/mapping function in the GGSN to give the authorised resources for GPRS bearer admission 
control. 

The GGSN shall also report to the PDF its success or failure in carrying out the PDF decision. 

- Policy based gating functionality: 

Policy based gating functionality represent the control of the GGSN over the Gate Function in the user plane, 
i.e. the forwarding of IP packets associated with a media component. In the user plane, a "gate" is defined for 
each direction of a media component. The PDF provides the gate description and the commands to open or 
close the gate. The gate description is received from the PDF in the authorisation decision. The command to 
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open or close the gate shall be sent either in the authorisation decision or in subsequent decisions from the 
PDF. 

Indication of bearer release/modification to/from kb/s: 

The GGSN shall inform the PDF when the bearer changes to or from a data rate of kb/s (an indication of 
bearer loss/recovery), and at bearer release. 

Charging Correlation 

To ensure charging correlation, the PEP shall send the GCID and the GGSN address to the PDF. The PDF 
shall also send the IMS charging identifier to the GGSN. 

4.3.1 .1 .1 QoS Information processing 

The GGSN is responsible for the policy based authorisation, i.e. to ensure that the requested QoS is in-line with the 
"Authorized QoS". 

The GGSN needs the "Authorised QoS" information of the PDP context for the uplink as well as for the downlink 
direction. Therefore, the "Authorized QoS" information for the combination of all IP flows of each direction associated 
with the media component as determined by the PDF is used. 

In case of an aggregation of multiple media components within one PDP context, the "Authorised QoS" for the bearer is 
provided by the PDF as the combination of the "Authorised QoS" information of the individual media components. 

The GGSN shall perform the proper mapping between the IP QoS information and the UMTS QoS information. This 
mapping is performed by the Translation/mapping function which maps the "Authorised QoS" information for the PDP 
context into authorised UMTS QoS information. 

It is recommended that the GGSN derives the highest allowed UMTS Traffic class for the PDP context from the QoS 
class in the "Authorized QoS" according to table 4.3.1.1.1. 

Table 4.3.1.1.1 



QoS class 


UMTS Traffic Class 


Traffic Handling Priority 


A 


Conversational 


N/A 


B 


Streaming 


N/A 


C 


Interactive 


1 


D 


2 


E 


3 


F 


Background 


N/A 


NOTE: QoS class represents the highest class that can be used for the bearer. 



The QoS class values given by the PDF are equal for both the uplink and the downlink directions. 

The Data rate within the "Authorized QoS" information for the bearer is the combination of the data rate values of the 
"Authorised QoS" of the individual media components. 

In the case of real-time UMTS bearers (conversational and streaming traffic classes), the GGSN shall consider, the Data 
rate value of the "Authorized QoS" information as the maximum value of the 'Guaranteed bitrate' UMTS QoS 
parameter, whereas the 'Maximum bitrate' UMTS QoS parameter is limited by the subscriber and service specific 
setting in the HLR/HSS (SGSN) and by the capacity/capabilities/service configuration of the network (GGSN, SGSN). 
In the case of non-real-time bearers (interactive and background traffic classes) the GGSN shall consider, the Data rate 
value of the "Authorized QoS" information as the maximum value of the 'Maximum bitrate' UMTS QoS parameter. 

The UMTS BS Manager receives the authorised UMTS QoS information for the PDP context from the 
Translation/mapping function. If the requested QoS exceeds the authorised QoS, the UMTS BS Manager shall 
downgrade the requested UMTS QoS information to the authorised UMTS QoS information. 

The GGSN may store the authorized QoS for the binding information of an active PDP context in order to be able to 
make local decisions, when the UE requests for a PDP context modification. 
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4.3.1 .2 Initialisation and maintenance 

The GGSN shall comply to the procedures described in RFC 2748 [7] for the initialisation and maintenance of the 
COPS protocol over the Go interface. 

4.3.1.3 Gate function 

The Gate Function represents a user plane function enabling or disabling the forwarding of IP packets. A gate is 
described by a set of packet classifiers that identify IP flows associated to the gate. The packet classifier includes the 
standard 5-tuple (source IP address, destination IP address, source port, destination port, protocol) explicitly describing 
a unidirectional IP flow. 

The packet classifier is received from the PDF in an authorisation decision. In the packet classifier the source IP address 
shall be taken from the SDP information if provided. Otherwise, for bi-directional flows the operator may choose to 
identify the source IP address from the 64 bit prefix of the destination IP address in order to reduce the possibilities of 
bearer misuse. If the source IP address is not identified by the SDP information and not identified by the 64 bit prefix of 
the destination IP address then the source IP address shall be wild carded by the PDF. If the source port number is not 
identified by the SDP information then the source port number shall be wild carded by the PDF. 

The GGSN installs the packet filter corresponding to the packet classifier. The packet classifier includes the status that 
the gate shall be set to. 

The commands to open or close the gate lead to the enabling or disabling of the passage for IP packets. If the gate is 
closed all packets of the related IP flows are dropped. If the gate is opened the packets of the related IP flows are 
allowed to be forwarded. The opening of the gate may be part of the authorisation decision event. The closing of the 
gate may be part of the revoke authorisation decision event. 

IP Packets matching a SBLP supplied filter are subject to the gate associated with that packet filter. In the uplink 
direction, IP packets which do not match any SBLP supplied filter shall be silently discarded. In the downlink direction, 
IP packets which do not match any SBLP supplied filter shall be matched against TFT supplied filters that are installed 
for PDP contexts where SBLP is not applied. 

4.3.1.4 Void 

4.3.1.5 Binding mechanism handling 

The binding information is used by the GGSN to identify the correct PDF and subsequently request service-based local 
policy information from the PDF. The binding information associates a PDP context with one or more media 
components of an IMS session. The GGSN may receive one or more sets of the binding information during an 
activation or modification of a secondary PDP context. Each set of binding information consists of an authorisation 
token and the flow identifier(s) related to the IP flows of the actual media component. If there is more than one media 
component to be transported within the PDP context the binding information includes the flow identifier(s) for the IP 
flows of each of the media components. 

The GGSN shall store the binding information and apply it to correlate events and actions between the PDP context and 
the service-based local policy. 

The GGSN shall determine the IP address of the PDF from the PDF identifier received as part of the Authorization 
Token. This identifier shall be in the format of a fully qualified domain name. If the GGSN receives multiple sets of 
binding information in the secondary PDP context activation, the GGSN shall search for the first Authorization Token 
containing the PDF identifier (Authorization Token is of type AUTH_SESSION and contains AUTH_END _ID) and 
use that to identify the correct PDF. If none of the tokens included in the binding information are of type 
AUTH_SESSION, or they do not contain an AUTH_ENT_ID attribute to resolve the PDF address, then the GGSN shall 
reject the secondary PDP context activation request. The reason for the rejection is indicated to the UE with the error 
code value "Invalid binding information" (see annex D). 

The GGSN shall forward the binding information received from the UE to the PDF. If multiple sets of binding 
information are received by the GGSN, it shall forward them to the PDF. 

If the binding information is successfully modified using the PDP context modification procedure, the GGSN shall 
replace the old binding information with the new binding information. 
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When the GGSN receives a secondary PDP context activation request to an APN for which the Go interface is enabled 
and no binding information is received, the GGSN may either reject the secondary PDP context activation request, or 
accept it within the limit imposed by a locally stored QoS policy. This local QoS policy shall be operator configurable 
within the GGSN. If the request is rejected, the reason for the rejection is indicated to the UE with the error code value 
"Missing binding information" (see annex D). 

When the GGSN receives a secondary PDP context modification request to an APN for which the Go interface is 
enabled, and no binding information is received, the GGSN shall reject the secondary PDP context modification if 
binding information has been previously provided for the PDP context. If no binding information has previously been 
received, the GGSN may either reject the secondary PDP context modification request, or accept it within the limit 
imposed by a locally stored QoS policy. This local QoS policy shall be operator configurable within the GGSN. If the 
request is rejected, the reason for the rejection is indicated to the UE with the error code value "Missing binding 
information" (see annex D). 

When binding information is received, the GGSN shall ignore any UE supplied TFT, and filters in that TFT shall not be 
installed in the packet processing table. 

The GGSN shall reject a secondary PDP context activation or PDP context modification request with the error code 
"Binding information not allowed" (see annex D) in the following cases: 

The Go interface is disabled and the GGSN receives a Create PDP Context Request or Update PDP Context 
Request message that includes binding information. 

The GGSN receives a Create PDP Context Request or Update PDP Context Request message that includes both 
binding information and the IM CN Subsystem Signalling Flag. 

The GGSN receives an Update PDP Context Request message that includes binding information to modify a 
previously non-authorized PDP context. 

4.3.2 PDF 

4.3.2.1 Service-based local policy decision point 

The PDF functions as a Policy Decision Point for the service-based local policy control. The PDF makes policy 
decisions based on session and media related information obtained from the P-CSCF. The PDF shall exchange the 
decision information with the GGSN via the Go interface. 

The following policy decision point functionalities for SBLP are identified: 

Authorisation function: 

The PDF shall be able to provide an authorisation decision upon receiving a bearer authorisation request from 
the GGSN. The PDF shall authorise the request according to the stored session and media related information 
received from the P-CSCF. 

The PDF shall use the binding information to determine the IMS session and the set of media components. 
Based on the media components, the PDF shall determine the authorised QoS, packet filters, and gate status 
to be applied. The authorised QoS specifies the maximum allowed QoS class, and the data rate for the set of 
media components identified in the binding information. 

The PDF shall be able to provide updates to the authorisation decision at session modifications which change 
the QoS and packet classifiers for PDP contexts which are already established. 

Revoke function: 

The PDF may revoke the authorisation of resources at any time. Revoke Authorisation for GPRS and IP 
resources is communicated by the PDF to the GGSN. 

Approval of QoS Commit / Removal of QoS Commit: 

The PDF may allow or deny for the media component(s) the usage of the PDP context by controlling the 
correlated gate(s). 
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The "Approval of QoS Commit" command may either be part of the authorisation decision, or the PDF may 
provide a separate decision with the "Approval of QoS Commit" command to open the gate. 

The "Removal of QoS Commit" command may either be part of the revoke authorisation decision, or the 
PDF may provide a separate decision with the "Removal of QoS Commit" command to close the gate. 

Actions due to Indication of bearer release: 

When the GGSN informs the PDF of bearer deactivation, the PDF shall remove the corresponding 
authorisation request state. Additionally, the PDF shall inform the P-CSCF about this deletion event. 

Actions due to Indication of bearer modification: 

When the PDF receives an indication of bearer modification of the maximum bitrate to or from kbits/s, the 
PDF shall inform the P-CSCF about this modification event. 

Generation of authorisation token: 

During the session set-up the PDF generates an authorisation token for the IMS session. 

Mapping SDP parameters to "Authorized QoS" parameters: 

To perform proper authorisation, the PDF shall map the necessary SDP parameters containing session and 
media related information to "Authorized QoS" parameters. 

Charging identifiers exchange: 

The PDF shall send the ICID provided by the P-CSCF as part of the initial authorisation decision of all the 
bearer authorization requests that correspond to the respective SIP session. 

When the PDF receives the GCID together with the GGSN address from the GGSN, it shall forward this 
information to the P-CSCF to ensure charging correlation. 

4.3.2.2 Initialisation and maintenance 

The PDF shall comply to the procedures described in RFC 2748 [7] for the initialisation and maintenance of the COPS 
protocol over the Go interface. 

4.3.2.3 Binding mechanism handling 

The binding information is used by the GGSN to identify the correct PDF and subsequently request service-based local 
policy information from the PDF. Each set of binding information consists of an authorisation token and one or more 
flow identifier(s). 

During the session set-up the PDF generates an Authorisation Token for the IMS session as described in RFC 3313 
[22]. The Authorisation token shall be sent to the P-CSCF which forwards it to the UE in the SIP signalling. The PDF 
shall allocate its PDF identifier as part of the Authorization Token. This identifier shall be in the format of a fully 
qualified domain name. 

The PDF receives the binding information and a Client Handle as part of a REQ from the GGSN. The PDF shall store 
the Client Handle for each media component identified by the binding information for subsequent message exchanges. 

The authorisation token is applied by the PDF to identify the IMS session. If no IMS session can be found for an 
authorisation token, or if the authorization token for the Client Handle has been modified, or if the PDF is otherwise 
unable to authorise the binding information, the PDF shall send a COPS decision message carrying both an INSTALL 
and REMOVE decision. The INSTALL decision shall identify an authorisation failure to the GGSN, and may include 
further details identifying the cause. The REMOVE decision shall subsequently remove this state from the GGSN. For 
an initial authorisation, the PDF shall then initiate a remove for the authorisation request. 

For a valid authorisation token the flow identifier(s) is used to select the available information on the media 
component(s) of this IMS session. The PDF sends the available authorisation information on the media component(s) 
back to the GGSN. If the PDF has already communicated authorisation for the same authorisation token and flow 
identifier(s) to this (or another) GGSN on this IMS session, then the previous authorisation shall be revoked, and this 
revocation shall be communicated to the appropriate GGSN. 
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If the binding information consists of more than one flow identifier, the PDF shall also verify that the media 
components identified by the flow identifiers are allowed to be transferred in the same PDP context. If any of these 
media components was mandated to be carried in a separate PDP Context, the PDF shall send a COPS decision message 
carrying both an INSTALL and REMOVE decision. The INSTALL decision shall identify an authorisation failure to 
the GGSN, and may include further details identifying the cause. The REMOVE decision shall subsequently remove 
this state from the GGSN. For an initial authorisation, the PDF shall then initiate a remove for the authorisation request. 

For a valid binding information consisting of more than one flow identifier, the information sent back to the GGSN 
shall include the aggregated QoS for all the flows and a packet filter for each flow. The flow identifiers within the 
binding information can span one or more media components. 



5 Policy control procedures 

5.1 GGSN 

5.1 .1 Initial authorization at PDP context activation 

The GGSN may receive binding information during the activation of a secondary PDP context by the UE. To perform 
initial authorization at the secondary PDP context activation the GGSN shall send an authorisation request to the PDF 
including the binding information received from the UE. 

The GGSN identifies the required PDF from the authorisation token of the binding information. The authorisation token 
is formatted according to the structure of the policy element AUTH_SESS10N defined in RFC 3520 [11]. The policy 
element AUTH_SESS10N shall include the AUTH_ENT_1D and the SESSIONJD attributes. The GGSN checks for 
that Policy Element and retrieves the AUTH_ENT_1D attribute from this. If this is in the form of a Fully Qualified 
Domain Name, then this is used to identify the correct PDF. 

The GGSN authorisation request message to the PDF shall allow the GGSN to request policy information for 
authorisation of the media components carried by a PDP context identified by binding information. 

When the GGSN receives the PDF decision regarding authorisation of the media components, the GGSN shall enforce 
the policy decision. To enforce the policy decision, the GGSN shall install the packet filters received from the PDF, and 
ignore the UE supplied TFT. 

If the PDF decision information indicates that the binding information provided by the GGSN is authorised, the GGSN 
shall proceed with activation of the secondary PDP context. The GGSN shall map the authorized QoS resources into 
authorized resources for the bearer admission control. 

To ensure charging correlation, the GGSN shall send the GCID and GGSN address information to the PDF after the 
successful establishment of the secondary PDP context, i.e. with the report following the initial authorization decision. 

When the PDF detects that the binding information provided by the GGSN is not associated with an ongoing SIP 
session at application layer, or is otherwise unable to authorise the binding information, the GGSN will receive a COPS 
decision message from the PDF carrying both an INSTALL and REMOVE decision. The reason for the rejection is 
indicated by the INSTALL decision with an appropriate authorisation request failure reason. The GGSN shall reject the 
secondary PDP context activation with a corresponding error code, see annex D. The GGSN shall subsequently remove 
this state according to the REMOVE decision. For an initial authorisation request, the GGSN shall then send a COPS 
Delete Request State (DRQ) message to the PDF to remove the state in the GGSN and the PDF. 

When the GGSN sends an authorization request to the PDF but the PDF does not respond with the decision message or 
the communication between the GGSN and the PDF fails, the GGSN shall reject the secondary PDP context activation 
with the error code "Authorizing entity temporarily unavailable" (see annex D). 

5.1 .2 Modification of previously authorized PDP context 

The GGSN is responsible for notifying the PDF when a procedure of PDP context modification of a previously 
authorized PDP context is performed. A modification of a previously authorized PDP Context may occur for example 
when a media component is added or when the codec or media flow change requires new resources. To authorise the 
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PDP context modification the GGSN shall send an authorisation request to the PDF including the binding information 
received fi^om the UE in the following cases: 

Requested QoS exceeds "Authorised QoS"; 

New binding information is received. 

The GGSN on receiving the PDP context modification request from the UE will verify the authorisation. If the GGSN 
does not have sufficient information to authorize the PDP context modification request then the GGSN shall interrogate 
the PDF for modification request authorisation. 

If the requested QoS is within the already "Authorized QoS" and the binding information is not changed, the GGSN 
need not send an authorization request to the PDF. 

If the PDF does not respond with a decision message to an authorization request sent by the GGSN or the 
communication between the GGSN and the PDF fails, the GGSN shall reject the PDP context modification with the 
error code "Authorizing entity temporarily unavailable" (see annex D). 

The GGSN is responsible for notifying the PDF, by sending a COPS Report State (RPT) message, when the procedure 
of the PDP context modification is performed in the following cases: 

Requested QoS maximum bit rate is kbit/s; 

Requested QoS maximum bit rate changes from kbit/s. 

5.1 .3 Session modification initiated decision 

A session modification may occur that modifies the media components without adding or removing media lines, for 
example, a change in the bandwidth for the media line, or a change to the port number. The GGSN will receive 
unsolicited authorisation decision from the PDF due to such modifications. 

When the GGSN receives an unsolicited authorisation decision from the PDF with updated QoS information, the GGSN 
shall update the stored authorised QoS. If the existing QoS of the PDP context exceeds the updated authorised QoS, the 
GGSN shall initiate a timer for the UE to modify the PDP context to decrease the QoS to within the authorised limit. At 
expiry of the timer, if the PDP context still exceeds the authorised QoS, the GGSN shall perform a network initiated 
PDP context modification to reduce the QoS to the authorised level. 

When the GGSN receives an unsolicited authorisation decision from the PDF, the GGSN shall also install the new set 
of packet classifiers, removing any existing packet classifiers that are not included in the new set. 

5.1 .4 PDP context deactivation 

The GGSN is responsible for notifying the PDF when a procedure of a PDP context deactivation is performed. In case 
of a PDP context deactivation, the GGSN shall inform the PDF of the bearer release related to the SIP session by 
sending a COPS Delete Request State (DRQ) message. 
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When a revoke authorisation for the set of media components on that PDP context is performed, the GGSN receives a 
decision message from the PDF for disabling the use of the "Authorised QoS" resources and deactivation of the PDP 
context associated with the binding information. The GGSN shall disable the use of the "Authorized QoS" resources. 
The GGSN shall initiate deactivation of the PDP context used for carrying these media components, in case that the UE 
has not performed it yet. 

5.1 .5 Gate control operation 

Upon receiving a gate decision from the PDF, the GGSN shall enforce this decision on the user plane. For each gate 
contained in the gate decision the GGSN shall perform the specified command. In case of an "Approval of QoS 
Commit" command the GGSN shall open the corresponding gate. In case of a "Removal of QoS Commit" command the 
GGSN shall close the corresponding gate. 

5.1 .6 User plane operation 

The GGSN shall enforce the configuration of the policy based "gating" functionality according to additional 
authorisation information received from the PDF. 

The filter(s) and associated gate(s) are connected to the PDP contexts where SBLP applies. For each such PDP context, 
the information received in the TFT is ignored. In the downlink direction, packets are processed against each filter in 
turn until a match is found. If a match is not found, packet processing shall then continue against filters installed from 
UE supplied TFTs for PDP contexts where SBLP is not applied. If a match is found against an SBLP supplied filter, the 
packet shall be processed according to the associated gate function. If the gate is open, the packet shall be passed to the 
UE on the associated PDP context. If the gate is closed, the packet shall be silently discarded. 

In the uplink direction, packets received on a PDP context with SBLP supplied filters shall be matched against those 
filters. If a match is found, the packet shall be passed if the gate associated with that filter is open. If the gate is closed, 
or if the packet does not match any of the packet filters, the packet shall be silently discarded. 

5.2 PDF 

5.2.1 SBLP decisions 

5.2.1 .1 SBLP authorisation decision 

The information needed for the PDF to perform media authorization is passed by the P-CSCF upon receiving a SIP 
message that contains SDP. The SDP contains sufficient information about the session, such as the end-points' IP 
address and port numbers and bandwidth requirements. 

All media components in the SDP are authorised. The media components contain one or more IP flows each represented 
by a flow identifier. The definition of flow identifier is in subclause 3.L The P-CSCF shall send policy set-up 
information to the PDF upon every SIP message that includes an SDP payload. This ensures that the PDF passes proper 
information to perform media authorization for all possible IMS session set-up scenarios. The policy set-up information 
provided by the P-CSCF to the PDF for each media component shall contain the following: 

Destination IP address; 

Destination port number; 

Transport Protocol id; 

Media direction information; 

Direction of the source (originating or terminating side); 

Indication of the group that the media component belongs to; 

- Media type information; 

Bandwidth parameter; 
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Indication of forking/non-forking. 

Additionally, upon the P-CSCF receiving the ICID in SIP signalHng, it shall send the ICID to the PDF. 

The PDF stores the authorised policy information, and generates an Authorisation Token to identify this decision. The 
Authorisation Token is passed back to the P-CSCF for inclusion in the SIP signalling back to the UE. 

The Authorisation Token is in the form of a Session Authorisation Data Policy Element as described in RFC 3520 [11]. 
The PDF shall include an AUTH_ENT_ID attribute containing the Fully Qualified Domain Name of the PDF and the 
SESSION_ID attribute. 

Upon receiving the bearer authorization request from the GGSN, the PDF shall authorize the request according to the 
stored service based local policy information for the session identified by the binding information in the request. 

Decision on the binding information: 

The authorisation shall contain the decision on verifying the binding information. The PDF shall identify 
whether the binding information indeed corresponds to an initiated SIP session. If the corresponding SIP 
session cannot be found or the binding information contains invalid flow identifier(s), or the authorization 
token has changed in an authorization modification request, the PDF shall enforce the rejection of this PDP 
context request by sending an INSTALL and REMOVE decision to the GGSN. The reason for the rejection 
is indicated by the INSTALL decision with the "noCorrespondingSession" reason in the Authorisation 
Request Failure Decision. If the PDF is otherwise unable to authorise the binding information, the INSTALL 
decision shall identify a general authorisation failure with the "authorisationFailure" of the request reason in 
the Authorisation Request Failure Decision. 

The authorization shall also contain decision on the list of flow identifiers contained in the bearer 
authorisation request sent by the GGSN representing the list of media components intended to be carried in 
the same PDP Context. This decision shall verify that these media components are indeed allowed to be 
carried in the same PDP Context. The PDF shall make this decision by comparing the list of flow identifiers 
contained in the bearer authorization request received from the GGSN to the media component grouping 
indication information received from the P-CSCF. 

In case the UE violates the IMS level indication, and attempts to set up multiple IMS media components in a 
single PDP context despite of an indication that mandated separate PDP contexts, the PDF shall enforce the 
rejection of this PDP context request by sending an INSTALL and REMOVE decision to the GGSN. The 
reason for the rejection is indicated by the INSTALL decision with the "invalidBundling" reason in the 
Authorisation Request Failure Decision. 

If the binding information and the list of flow identifiers are successfully authorised (verified) as per the 
means described above, the PDF shall also communicate the authorisation details for each media component 
to the GGSN. 

If the PDF has already communicated authorisation for the same authorisation token and flow identifier(s) to 
this (or another) GGSN, then the previous authorisation shall be revoked, and this revocation shall be 
communicated to the GGSN. 

The authorisation details contain the "Authorised QoS" and the packet classifier(s) of the associated IP flows. 
In case of an aggregation of multiple media components within one PDP context, the combination of the 
"Authorised QoS" information of the individual media components is provided as the "Authorised QoS". 

Based on the media direction information and the direction of the source provided by the P-CSCF, the PDF 
shall define the direction (upstream or downstream) of the "Authorised QoS" and the packet classifier(s). 

Packet classifier(s): 

The PDF shall use the destination IP address(s), destination port number(s) and transport protocol id(s) to 
formulate a packet classifier(s). 

If the source IP address, which is part of the standard 5-tuple for packet classifying, is provided by the P- 
CSCF in the SDP, then this shall be used. Based on operator policy the source IP address for bi-directional 
flows may be identified from the 64 bit prefix of the destination IP address. If the source IP address is not 
identified by the SDP information and not identified by the 64 bit prefix of the destination IP address then the 
source IP address shall be wild carded by the PDF. 
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If the source port number, which is part of the standard 5-tuple for packet classifying, is not provided by the 
P-CSCF in the SDP then the source port number shall be wild carded by the PDF in the packet classifier. 

The PDF shall send the destination address and the destination port number for each IP flow associated with 
the media component. 

- "Authorized QoS": 

The "Authorised QoS" information (consisting of maximum QoS Class and Data Rate) for a media 
component is extracted from the media type information and bandwidth parameter of the SDP. The PDF shall 
map the media type information into a QoS Class which is the highest class that can be used for the media. 
The PDF shall use an equal QoS Class for both the uplink and the downlink directions when both directions 
are used. As an example, the audio media type shall be mapped into QoS class A. 

The PDF shall derive the Data Rate value from the "b=AS" SDP parameter. The "b=AS" parameter in the 
SDP shall contain all the overhead coming from the IP-layer and the layers above, e.g. UDP and RTP. If RTP 
is used, then overhead coming from RTCP shall be added by the PDF when determining the data rate value 
applicable for the media component. 

For non-real-time bearers the Data rate value shall be considered as the maximum value of the 'Maximum 
bitrate' parameter. 

In case of an aggregation of multiple media components within one PDP context, the PDF shall provide the 
"Authorised QoS" for the bearer as the combination of the "Authorised QoS" information of the individual 
media components. The QoS Class in the "Authorised QoS" for the bearer shall contain the highest QoS class 
amongst the ones applied for the individual media components and indicates the highest UMTS traffic class 
that can be applied to the PDP context. 

The Data Rate of the "Authorised QoS" for the bearer shall be the sum of the Data Rate values of the 
individual media components/IP flows and it is used as the maximum Data Rate value for the PDP context. 

- The detailed rules for calculating the "Authorized QoS" are specified in 3GPP TS 29.208 [18]. 

The PDF may include the gate enabling command as part of the authorisation decision, for instance to enable early 
media. Alternatively, the PDF may provide a separate decision for opening the gate. 

The PDF shall send the IMS charging identifier provided by the P-CSCF as part of the authorisation decision to the 
GGSN. 

Upon receiving the modified SDP information from the P-CSCF, the PDF shall update the media authorization 
information for the session. The PDF may push this updated authorisation information to the GGSN. Under certain 
condition e.g. revoke of authorization, the PDF shall push the updated policy decision to the GGSN. 

5.2.1 .2 Session modification initiated decision 

A session modification may occur that modifies the media components without adding or removing media lines, for 
example, a change in the bandwidth for the media line, or a change to the port number. 

When there are updates to the SDP parameters for media lines which are currently authorised, the authorisation 
information (QoS, packet classifiers) may change. The updated information (QoS, packet classifiers) shall be pushed 
down to the GGSN using an unsolicited authorisation decision. 

5.2.1 .3 SBLP revoke decision 

Upon SIP session release the PDF shall send a revoke authorisation decision to the GGSN after an operator specific 
time. The revoke authorisation decision shall be sent for each handle (PDP context) related to the session as a separate 
decision to the GGSN corresponding to the previous SBLP authorisation decision. 

The timer for a pending session release shall be terminated if the PDF receives an indication on the termination of all 
PDP context(s) related to the released session. 

Additionally, when a media component which is bound to a PDP context is removed from a SIP session and the UE has 
not performed the corresponding modification or deactivation of the PDP context within an operator specific time the 
PDF shall revoke the authorisation for the set of media components on that PDP context. 



£75/ 



3GPP TS 29.207 version 5.4.0 Release 5 21 ETSI TS 1 29 207 V5.4.0 (2003-06) 

The timer for a pending media component removal shall be terminated if the PDF receives either a new authorisation 
request with the same handle where that media component has been removed, or an indication of the termination of the 
PDP context. 

NOTE: The values of the timers for session termination and media component removal might be different, e.g. to 
allow for some more time for the required modification of the PDP context. 

If the PDF receives a request from a GGSN for the same authorisation token and flow identifier(s) that this (or another) 
GGSN was already communicated authorisation, then the previous authorisation shall be revoked, and this revocation 
shall be communicated to the GGSN. 

5.2.1.4 SBLP gate decision 

The PDF may send a gate decision during the session set-up or whenever the status of a media component changes 
during the session (e.g. a media component is put on hold, resumed or removed). The PDF shall not send a gate decision 
to the GGSN before it has sent the initial authorisation decision. If the initial authorisation decision has already been 
sent, the PDF may send a gate decision to the GGSN to modify the status of one or several gate(s) on the user plane. 
The gate decision shall only contain the gate(s) for which the status was changed compared to the last authorisation or 
gate decision sent to the GGSN. The gate decision contains for each gate either the "Approval of QoS Commit" 
command to open the gate or the "Removal of QoS Commit" command to close the gate. 

5.2.2 Support for forking 

The PDF shall be able to handle forking when SBLP is applied. Forking can occur as specified in 3GPP TS 23.228 [4]. 
The related UE procedures are described in 3GPP TS 24.229 [14]. 

5.2.2.1 Authorization of resources for forked responses 

When a SIP session has been originated by a connected UE, the P-CSCF may receive multiple provisional responses 
due to forking before the first final answer is received. The PDF shall allocate the same authorization token to all the 
forked responses and the corresponding early dialogues. 

The UE and the P-CSCF become aware of the forking only when the second provisional response arrives. For this, and 
any subsequent provisional response, the PDF shall identify the existing authorization information for that session. The 
PDF shall authorize any additional media components and any increased QoS requirements for the previously 
authorized media components, as requested by the forked response. Thus, the QoS authorized for a media component 
shall be equal to the highest QoS requested for that media component by any of the forked responses. Authorization is 
done by the procedures for authorization request in subclauses 5.1.1 and 5.1.2 and SBLP decisions in subclause 5.2.1.1. 

Additional packet classifiers as required by the subsequent responses are sent to the GGSN by the session modification 
initiated decision specified in subclause 5.2.1.2. 

5.2.2.2 Updating the authorization information at the final answer 

The PDF shall keep the authorization information requested for each of the individual early dialogues till the first final 
answer is received. Then the related early dialogue is progressed to establish the final SIP session. All the other early 
dialogues are terminated. The authorization information for the SIP session is updated to match the requirements of the 
remaining early dialogue only. Several actions may be needed in the PDF: 

• Only the packet classifiers and the QoS indicated by the first final answer shall remain authorized. This 
information shall be sent to the GGSN by the session modification initiated decision specified in 
subclause 5.2.1.2. This should be done without delay in order to reduce the risk for initial clipping of the media 
stream, and minimising possible misuse of resources. 



• 



• 



The authorization for PDP contexts that were used only for the terminated early dialogues, shall be revoked as 
specified in subclause 5.1.4. 

The PDF shall await new authorization requests for remaining PDP contexts with updated binding information to 
remove any media components that were authorized for the terminated early dialogues only. If necessary 
(i.e. after timeout), the authorization for these PDP contexts shall be revoked as specified in subclause 5.2.1.3. 
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EXAMPLE: Assume that three forked responses for a certain media component indicate the bandwidths 

10 kbps, 30 kbps and 20 kbps, respectively. This media component will first be authorized for 
10 kbps and then upgraded to 30 kbps, which will be its final value for the early dialogue phase. If 
the first final answer corresponds to the third forked, provisional response, then QoS is finally 
downgraded to 20 kbps. 



6 Go protocol 

6.1 Protocol support 

6.1.1 TCP connection for COPS protocol 

The GGSN receives the PDF identifier received as part of the Authorization Token, during the secondary PDP context 
activation or PDP context modification procedure. The GGSN resolves the PDF IP address from the PDF identifier, 
which is in the form of a fully qualified domain name. 

If there is no existing TCP connection to the PDF, the GGSN shall establish a TCP connection for COPS interactions to 
the PDF. The GGSN shall use an existing TCP connection to the PDF, whenever present. 

The TCP connection between the GGSN and the PDF may be pre-established by configuring the PDF addresses on the 
GGSN. 

All communication between the GGSN and the PDFs shall use a standardised Client-Type with a corresponding 
standardised PIB, as defined in annex B. 

The validity of the PDF may be ensured either by using a private DNS for resolving the PDF IP address or by 
configuring a list of allowed PDF IP addresses on the GGSN. 



6.1.2 COPS protocol 



The Go interface allows service-based local policy and QoS inter- working information to be "pushed" to or requested 
by the GGSN from a PDF. 

The COPS protocol supports a client/server interface between the GGSN and the PDF. The Go interface shall conform 
to the IETF COPS framework as a requirement and guideline for Stage 3 work. 

The COPS protocol allows both push and pull operations. For the purpose of the initial authorisation of QoS resources 
the pull operation shall be used. Subsequently the interactions between the PDF and the GGSN may use either pull or 
push operations. 

Policy decisions may be stored by the COPS client in a local policy decision point allowing the GGSN to make 
admission control decisions without requiring additional interaction with the PDF. 

The COPS client (PEP) can request a policy decision from the PDF triggered by a QoS signalling request. One PEP 
request may be followed by one or more asynchronous PDF decisions. Each of the decisions will allow the PDF to 
notify the PEP in the GGSN whenever necessary to change earlier decisions, generate errors etc. 

Protocol stack: IP, TCP and COPS. 

6.2 Basic COPS events/messages 

The Go interface supports event triggered information transfer between the GGSN and PDF 

6.2.1 Type of messages 

The COPS protocol supports several messages between GGSN and PDF. The message content is dependent on 
the type of COPS operation (e.g. Client-Open/Client- Accept/Client-Close, Request, Decision and Delete Request 

State). 
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The Client Open, Client Accept, Client Close, Keep Alive, Synchronize State Request and Synchronize State 
Complete messages are used for setting up and maintaining the connection between the PDF and the GGSN. 

The following messages supported by the COPS layer for Go interface are used for the policy control operations: 

- Request (REQ) message from the GGSN to the PDF is used by the GGSN to request SBLP and QoS 
inter-working information. 

Decision (DEC) message from the PDF to the GGSN is a response to the Request message or an asynchronous 
notification from PDF to the GGSN whenever necessary in order to change earlier decisions, generate errors, etc. 

Report State (RPT) message from the GGSN to the PDF is used to communicate the success, failure or changes 
to the client state of the GGSN in carrying out the PDF's decision indicated in the Decision message. 

- Delete Request State (DRQ) message from the GGSN to the PDF indicates that the state identified by the client 
handle is no longer available/relevant and the corresponding state may be removed from the PDF. 



6.3 Go events/messages 



The UMTS-specific information is carried in specific COPS-PR objects, as defined in the 3GPP Go PIB that is given in 
annex B. 



6.3.1 Event (descriptions 



The Go Interface uses COPS-PR (RFC 3084 [8]) schematics and the 3GPP Go PIB. For COPS-PR to support the 
Outsourcing Model it is required to add a new 3GPP Go PIB with objects to: 

Describe the Triggering Event Handling. 

Describe the Outsourcing Event. 

Describe the Decision for the Outsourced Event. 

Describe the Termination of the Outsourced Event. 

Describe the resource used for the Outsourced Event. 

6.3.1 .1 Common Header, Client Type 

The COPS Client-type number for go3gpp is 0x8009 (Client type number assigned by lANA). 

6.3.1.2 Context Object 

The COPS Context Object is sent in the REQ and DEC messages. This object is used to indicate the triggering event. 
C-Num = 2, C-Type = 1 

12 3 



R-Type 


M-Type 



R-Type (Request Type Flag) 

0x08 for configuration request 
M-Type (Message Type) 

0x01 initial capability negotiation 

0x02 create event state 

0x03 update event state 
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0x04 terminate event state 

6.3.1 .3 Client Specific Information (ClientSI) for outsourcing Operation 

The binding information consisting of the Authorization Token and flow identifier(s) received by the GGSN are 
encapsulated inside the Client Specific Information object of the COPS request message sent from the GGSN to the 
PDF. The PDF identifier is extracted from the token and used inside the GGSN to resolve the address of the actual PDF. 
However, from the Go message perspective, the token is treated as an opaque entity. 

6.3.1 .4 Conformance Section 

The conformance section indicates the PIB objects, i.e. provisioning classes (PRCs), that a PIB shall have to be 
conformant to 3GPP Go PIB. To be conformant to the 3GPP Go PIB, it is mandatory to have all the 3GPP Go PIB 
PRCs and the frwkPrcSupportGroup, frwkDeviceldGroup included from the Framework PIB ([15]). The supported 
PRCs are notified using these mandatory groups of PRCs from the Framework PIB. 

The following GGSN capabilities are notified to the PDF by indicating the corresponding PRCs: 

Bearer authorisation capabilities: 

The GGSN notifies the PDF that it supports bearer authorisation capabilities. The GGSN will provide the 
token(s) and flow identifier(s) in the REQ for verifying the binding information and the grouping of the 
media flows by the PDF. The go3gppAuthReqEventGroup together with the go3gppBindinglnfoGroup and 
the go3gppFlowldGroup are used for this purpose. 

Furthermore, the GGSN will enforce any requested or unrequested decision for the authorisation of GPRS 
and IP resources. If the authorisation at the PDF fails the go3gppAuthReqFailDecGroup is used to give some 
information on the reason of failure to the GGSN. The go3gppAuthReqDecGroup together with the 
go3gppAuthReqDirDecGroup are used in case of a successful authorisation at the PDF. This also includes 
the following capabilities: 

"Authorised QoS" capabilities: 

The GGSN notifies the PDF that it is capable to enforce the combined "Authorised QoS" for the 
bearer. The go3gppQosGroup is used for this purpose. 

- Gating capabilities: 

The GGSN notifies the PDF that it is capable to enforce the gating functionality. The 
go3gppGateGroup together with the frwkBaseFilterGroup and the frwklpFilterGroup are used for this 
purpose. 

Indication of device capabilities and device limitations: 

The GGSN informs the PDF that it is able to notify its device capabilities and device limitations. The 
go3gppAuthReqCapGroup and the go3gppAuthReqDecCapGroup are used for this purpose. 

Open /close the gate capabilities: 

The GGSN informs the PDF that it is capable to enforce a separate decision on opening the gate for the 
authorised media flow and it is capable to enforce a separate decision from the PDF regarding disabling of 
the gate. The go3gppGateDecGroup together with the go3gppGateGroup are used for this purpose. 

Revoke media authorisation capabilities: 

The GGSN notifies the PDF that it is capable to enforce the revoke authorisation for GPRS and IP resources 
decision from the PDF. No PRCs are required to indicate this capability. 

Charging co-ordination: 

The GGSN informs the PDF that it is capable to send GCID(s) and GGSN address to the PDF. The 
go3gppReportGroup together with the go3gppRprtGPRSChrgInfoGroup are used for this purpose. 

The GGSN informs the PDF that it is capable to receive lCID(s) from the PDF. The 
go3gppAuthReqDecGroup together with the go3gpplcidGroup are used for this purpose. 
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Indication of QoS modifications to kbps and from kbps: 

The GGSN informs the PDF that it is able to notify when the maximum bit rate for the PDP context is 
modified to kbps or that the maximum bit rate for the PDP context is changed from kbps. The 
go3gppReportGroup together with the go3gppRprtUsageGroup are used for this purpose. 

Indication of bearer release: 

The GGSN notifies the PDF that it is capable to notify when the previously authorised GPRS and IP 
resources are released, i.e. PDP context is deactivated. No PRCs are required to indicate this capability. 

COPS-PR specific capabilities: 

The GGSN informs the PDF that it supports the following COPS-PR (RFC 3084 [8]) specific capabilities: 

Outsourcing capability: 

The GGSN informs the PDF that it supports the outsourcing model. The 
go3gppAuthReqHandlerGroup is used for this purpose. 

6.3.1 .5 Reporting of Device Capabilities and Device Limitations 

The functionality of reporting of device capabilities and device limitations is as described in RFC 3084 [8]. In addition, 
the following shall apply. 

The configuration request message serves as a request from the GGSN to the PDF and includes provisioning client 
information to provide the PDF with client-specific configuration or capability information about the GGSN. The 
capability information to be exchanged could include additional PIB objects supported by the GGSN which are part of 
the capability section. If no value information is exchanged then the default value will be used as if it had been 
exchanged. This information from the client assists the server in deciding what types of policy the GGSN can install 
and enforce. 

The following GGSN capabilities and limitations may be provided in the configuration request message: 

Indication of the maximum number of binding information: 

The GGSN may notify the PDF how many binding information the GGSN is able to send with an 
Authorization_Request. 

Indication of the maximum number of Flow identifiers: 

The GGSN may notify the PDF how many Flow identifiers the GGSN is able to send with an 
Authorization_Request. 

Indication of the maximum number of ICIDs: 

The GGSN may notify the PDF how many ICIDs the GGSN is able to receive with an 
Authorization_Decision. 



The device capabilities information exchanged by the initial messages shall be stored in the PDF. 

6.3.1.6 Initial Go Policy Provisioning 

The functionality of initial Go policy provisioning is as described in RFC 3084 [8]. In addition, the following shall 
apply: 

The DEC message is sent from the PDF to the GGSN in response to the REQ message received from the GGSN. 
The Client Handle shall be the same as that received in the corresponding REQ message. 

The DEC message is sent as an immediate response to a configuration request with the solicited message flag set 
in the COPS message header. The PDF shall also inform the GGSN what types of events shall trigger policy 
control requests over the Go interface. 
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The R-type = 0x08 for configuration request is used here and M-type = 0x01 initial capability negotiation is used 
here. 

6.3.2 Message description 

The following messages and events are available on the Go interface (after the initial policy provisioning described in 
subclause 6.3.1.5): 

- Authorisation_Request (REQ) (GGSN^PDF): 

This event allows the GGSN to request authorisation data from the PDF. It contains the following information: 

Client Handle; 

Binding Information. 
The R-type = 0x08 for configuration request is used here and M-type = 0x02 create event state is used here. 

- Authorisation_Decision (DEC)(PDF^GGSN): 

This event provides the GGSN with the relevant authorisation data. The event contains the following 
information: 

Client Handle; 

IClD(s) (only in the initial Authorisation_Decision). Only one ICID is transferred in this Release. The form 
of the IClD is defined in 3GPP TS 32.225 [21]; 

Unidirectional set (this parameter shall appear once for each direction (uplink and downlink)): 

Direction indicator; 
- "Authorised QoS"; 

Gate description (this parameter shall appear once for each required gate for this direction): 

Filter Specification - The information about the authorised IP end points addresses and ports is 
detailed below. The Filter Specification parameters are: 

Source IP address; 

- Destination IP address; 
Source ports; 
Destination ports; 

- Protocol ID. 

The Source and Destination ports are described with a range consisting of a minimum and 
maximum value. If only one port is authorised, the minimum value and maximum value of the 
range are identical. 

A filter specification describing more than one IP flow shall be only used in case of identical 
Protocol IDs, IP addresses and successive port numbers (e.g. RTP and RTCP flow of a media 
component). Furthermore, the gate status of all IP flows described by this filter specification shall 
be identical, too. 
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The Base and IP Filter definitions fi-om the IETF Framework PIB [15] shall be used in the 3GPP 
Go PIB to represent the filter specification. Only a subset of the available filter attributes shall be 
used. The attributes frwklpFilterDscp, and fi^wklpFilterFlowId in the filter description shall have 
their values set to -1, indicating a "match-all" wildcard condition, in effect a "not used" condition. 
The attribute frwkBaseFilterNegation shall have its value set to "false" to indicate not using 
negation, in effect a "not used" condition. The GGSN shall ignore them if they are set otherwise. 
Wildcarding of filter elements is detailed in Annex B. 

Gate status (opened/closed) 

The R-type = 0x08 for configuration request is used here and M-type = 0x02 create event state is used here. 

- Authorisation_Failure (DEC) (PDF^GGSN): 

This event provides the GGSN with an indication of an authorisation failure, and may carry additional reason 
details. The event contains the following information: 

Client Handle; 

Authorisation failure (including any provided reason information). 

The R-type = 0x08 for configuration request is used here and M-type = 0x04 terminate event state is used here. 

- Gate Decision (DEC) (PDF^GGSN): 

The Gate Decision indicates to the GGSN the new status of the gate(s) established for a client handle (PDP 
context). The gate status indicates to the GGSN that the gate shall be opened or closed. Only the gate(s) for 
which the status is changed are indicated by this event. The event contains the following information: 

Client Handle; 

Unidirectional set (this parameter shall appear once for each direction for which gates are being updated 
(uplink and/or downlink)): 

Direction indicator; 

Gate description (this parameter shall appear once for each gate to be modified for this direction) : 

Filter Specification - The information about the authorised IP end points addresses and ports is 
detailed below. The Filter Specification parameters are: 

Source IP address; 

- Destination IP address; 
Source ports; 
Destination ports; 

- Protocol ID. 

The Source and Destination ports are described with a range consisting of a minimum and 
maximum value. If only one port is authorised, the minimum value and maximum value of the 
range are identical. 

A filter specification describing more than one IP flow shall be only used in case of identical 
Protocol IDs, IP addresses and successive port numbers (e.g. RTP and RTCP flow of a media 
component). Furthermore, the gate status of all IP flows described by this filter specification shall 
be identical, too. 

The Base and IP Filter definitions from the IETF Framework PIB [15] shall be used in the 3GPP 
Go PIB to represent the filter specification. Only a subset of the available filter attributes shall be 
used. The attributes frwklpFilterDscp, and frwklpFilterFlowId in the filter description shall have 
their values set to -1, indicating a "match-all" wildcard condition, in effect a "not used" condition. 
The attribute frwkBaseFilterNegation shall have its value set to "false" to indicate not using 
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negation, in effect a "not used" condition. The GGSN shall ignore them if they are set otherwise. 
Wildcarding of filter elements is detailed in Annex B. 

Gate status (opened/closed) 

NOTE: The opening of the gate may occur at the same time / be part of the authorisation decision event. 

The R-type = 0x08 for configuration request is used here and M-type = 0x03 update event state is used here. 

- Report (RPT) (GGSN^PDF): 

Authorisation_report; Gate_report: 

The GGSN sends a COPS RPT message back to the PDF reporting that it enforced or not the 
Authorisation_Decision, or the Gate_Decision. 

The events contain the following information: 

- Client Handle; 
Success / Failure. 

The Authorization_report of the initial Authorisation_Decision includes: 

- GCID; 

- GGSN address. 

Report of state changes: 

The GGSN sends the report of state change message to the PDF reporting that the maximum bit rate for the 
PDP context is modified to kbps or that the maximum bit rate for the PDP context is changed from kbps. 

The event contains the following information: 

- Client Handle; 

- Maximum bit rate (set to kbps / changed from kbps). 

- Delete request state (DRQ) (GGSN^PDF): 

The GGSN informs the PDF via the delete request state message, that the PDP context is deactivated and the 
request state identified by the client handle is no longer available/relevant at the GGSN, so the corresponding 
state shall also be removed at the PDF. 

The DRQ message includes the reason why the request state was deleted. 

The event contains the following information: 

Client Handle; 

Reason code: "Tear", Sub-code: deactivation of the PDP context. 

- Remove_Decision (PDF^GGSN): 

The PDF uses the Remove_Decision to inform the GGSN that the PDF revokes the authorized resources for the 
client handle (PDP context). The Remove_Decision is a specific Decision message with the COPS Decision 
Flags object set to 0x02 ("Request-State" flag) and the Command-Code set to "Remove"; see IETF RFC 3084 
[8]. 

The event contains the following information: 

Client Handle. 

The R-type = 0x08 for configuration request is used here and M-type = 0x04 terminate event state is used here. 
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6.4 Go data 

The detailed data description is provided in annex B. 

6.5 Security Considerations 

The security mechanisms described in COPS (RFC 2748 [7]) and COPS-PR (RFC 3084 [8]) should be re-used in 3GPP. 
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Annex A: 
(Void) 
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Annex B (normative): 
SGPPGoPIB 

G03GPP-PIB PIB-DEFINITIONS ::= BEGIN 

IMPORTS 

Unsigned32, Integer32, MODULE-IDENTITY, 
MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP 

FROM COPS-PR-SPPI — Defined in RFC 3159 [9] 

Instanceld, Prid 

FROM COPS-PR-SPPI-TC — Defined in RFC 3159 [9] 

zeroDotZero FROM SNMPv2-SMI 



InetAddress, InetAddressType, 
InetAddressPref ixLength 

FROM INET-ADDRESS-MIB; 



Defined in RFC 3291 [19] 



go3gppPib MODULE-IDENTITY 

SUBJECT-CATEGORIES { go3gpp (0x8009) } 

LAST-UPDATED "200305240000Z" 



ORGANIZATION 
CONTACT- INFO 



— Go 3GPP COPS Client Type 



"3GPP TSG CN WG3" 

"Kwok Ho Chan 
Nortel Networks 
600 Technology Park Drive 
Billerica, MA 01821 USA 
Phone: +1 978 288 8175 
Email: khchan@nortelnetworks.com 



Louis-Nicolas Hamer 
Nortel Networks 
PO Box 3511 Station C 
Ottawa, Ontario 
Canada, KlY 4H7 
Phone: +1 613 768 3409 
Email : nhamer@nortelnetworks . com" 
DESCRIPTION 

"A PIB module containing the set of provisioning 
classes that are required for support of policies for 
3GPP's GO interface. Release 5." 
REVISION "200305240000Z " 
DESCRIPTION 

"The 3GPP Go PIB for release 5 
Annex B of 3GPP TS 29.207 v5 . 4 . . " 



(13 6 14 1 10415 1 1 } 



full specification of object ID tree. 

— The final syntax should be ( 3gpp_pib 1 } 

— With imports from the document that shows 

— that 3gpp_pib means ( 1.3.6.1.4.1.10415.1 



The root OID for PRCs in the 3GPP GO PII 



go3gppCapabilityClasses OBJECT IDENTIFIER 

go3gppEventHandlerClasses OBJECT IDENTIFIER 

go3gppEventClasses OBJECT IDENTIFIER 

go3gppEventInfoClasses OBJECT IDENTIFIER 

go3gppReqInfoClasses OBJECT IDENTIFIER 

go3gppDecInfoClasses OBJECT IDENTIFIER 

go3gppReportClasses OBJECT IDENTIFIER 

go3gppConformance OBJECT IDENTIFIER 



go3gppPib 1 } 
go3gppPib 2 } 
go3gppPib 3 } 
go3gppPib 4 } 
go3gppEvent Inf oClasses 
go3gppEvent Inf oClasses 
go3gppPib 5 } 
go3gppPib 6 } 



Capability and Limitation Policy Rule Classes 
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3GPP GO Capability Table 



go3gppAuthReqCapTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppAuthReqCapEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"The 3GPP Go Authorization Request Capability PRO." 
::= { goSgppCapabilityClasses 1 } 



go3gppAuthReqCapEntry OBJECT-TYPE 

SYNTAX GoSgppAuthReqCapEntry 

STATUS current 

DESCRIPTION 

"An instance of the goSgppAuthReqCap class identifies a 
specific PRO and associated attributes as supported 
by the device . " 

PIB-INDEX { go3gppAuthReqCapPrid } 

UNIQUENESS { } 

::= { goSgppAuthReqCapTable 1 } 



Go3gppAuthReqCapEntry ::= SEQUENCE { 

goSgppAuthReqCapPrid Instanceld, 

go SgppAuthReqCapBinding Infos Unsigned32, 
go3gppAuthReqCapFlowIds Unsigned32 

} 



go3gppAuthReqCapPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the go3gppAuthReqCap class." 

::= { go3gppAuthReqCapEntry 1 } 



go3gppAuthReqCapBindingInfos OBJECT-TYPE 

SYNTAX Unsigned32 

STATUS current 

DESCRIPTION 

"Indication of the maximum number of Binding Information 
the PEP can send with each Authorization Request. 
The value of zero indicates limit is not specified." 

DEFVAL { } 

::= { go3gppAuthReqCapEntry 2 } 



go3gppAuthReqCapFlowIds OBJECT-TYPE 
SYNTAX Unsigned32 

STATUS current 

DESCRIPTION 

"Indication of the maximum number of Flow identifiers the PEP can 

send with each Authorization Request. 

The value of zero indicates limit is not specified." 
DEFVAL { } 
::= { go3gppAuthReqCapEntry 3 } 



Go 3GPP Authorization Request Decision Capabilities 



go3gppAuthReqDecCapTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppAuthReqDecCapEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"The 3GPP Go Authorization Request Decision Capability PRC. 
::= { go3gppCapabilityClasses 2 } 
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goSgppAuthReqDecCapEntry OBJECT-TYPE 

SYNTAX GoSgppAuthReqDecCapEntry 

STATUS current 

DESCRIPTION 

"An instance of the goSgppAuthReqDecCap class identifies a 
specific PRC and associated attributes as supported 
by the device . " 

PIB-INDEX { go3gppAuthReqDecCapPrid } 

UNIQUENESS { } 

::= { goSgppAuthReqDecCapTable 1 } 



GoSgppAuthReqDecCapEntry ::= SEQUENCE { 

goSgppAuthReqDecCapPrid Instanceld^ 

goSgppAuthReqDecCapIcids Unsigned32 

} 

goSgppAuthReqDecCapPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the goSgppAuthReqDecCap class." 

::= { goSgppAuthReqDecCapEntry 1 } 

goSgppAuthReqDecCapIcids OBJECT-TYPE 

SYNTAX UnsignedS2 

STATUS current 

DESCRIPTION 

"Indication of the maximum number of Icid possible 

in a single Authorization Request Decision. 

The value of zero indicates limit is not specified." 

DEFVAL { } 

::= ( goSgppAuthReqDecCapEntry 2 } 



— Component Limitations Table 

— This table supports the ability to export information 

— detailing provisioning class/attribute implementation limitations 

— to the policy decision function. This Component Limitiations Table 

— shall be implementation dependant and does not need to be standardized. 



SGPP GO Event Handler Provisioning Classes 

PRCs sent from PDF to PEP for indicating how to handle each 
kind of event that require actions by the GO interface. 

For SGPP Release 5, PRCs for Event Handling of Authorization 
Request containing Binding Information, Flow identifiers, and QoS is 
specified. 



SGPP GO Authorization Request Event Handler Provisioning Table 



goSgppAuthReqHandlerTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppAuthReqHandlerEnt ry 

PIB-ACCESS install 

STATUS current 

DESCRIPTION 

"PRC from PDF to PEP carried by COPS DEC messages 

indicating GO actions to take at the GGSN when an Authorization 
Request Event is detected by the GGSN. An example of an 
Authorization Request Event is the receive of a PDP Context message. 

::= ( goSgppEventHandlerClasses 1 } 



goSgppAuthReqHandlerEntry OBJECT-TYPE 
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SYNTAX Go3gppAuthReqHandlerEntry 

STATUS current 

DESCRIPTION 

"An instance of the goSgppAuthReqHandler class sent by the PDF to 
the PEP what the PEP should send upon detection of an Authorization 
Request Event . " 

PIB-INDEX { goSgppAuthReqHandlerPrid } 

UNIQUENESS { goSgppAuthReqHandlerEnable, 

goSgppAuthReqHandlerBindingInf o 
} 

::= { go3gppAuthReqHandlerTable 1 } 

GoSgppAuthReqHandlerEntry ::= SEQUENCE { 

goSgppAuthReqHandlerPrid Instance Id, 
goSgppAuthReqHandlerEnable INTEGER, 
goSgppAuthReqHandlerBindingInf o UnsignedS2 



goSgppAuthReqHandlerPrid OBJECT-TYPE 
SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of this class." 
::= ( goSgppAuthReqHandlerEntry 1 } 



goSgppAuthReqHandlerEnable OBJECT-TYPE 
SYNTAX INTEGER { 

enable (1) , 
disable (2) 
} 
STATUS current 

DESCRIPTION 

"Controls the usage of SGPP Authorization Request Events 
to trigger COPS requests to PDF on the go interface." 
DEFVAL { enable } 
::= ( goSgppAuthReqHandlerEntry 2 } 



goSgppAuthReqHandlerBindinglnfo OBJECT-TYPE 
SYNTAX UnsignedS2 
STATUS current 

DESCRIPTION 

"Indication of the maximum number of Binding Information 

be associated with a each Authorizating Request. 

The value of zero indicates policy control does not impose 

any limit . " 
DEFVAL { } 
::= { goSgppAuthReqHandlerEntry S } 



— SGPP GO Event Classes 

— PRCs from PEP to PDF carried by COPS REQ messages 

— indicating the detection of specific events in the GGSN. 

— Information required for PDF to make decision on behave 

— of GGSN is also defined here to be carried by REQ messages. 



— SGPP GO Authorization Request Event Table 

goSgppAuthReqEvent Table OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppAuthReqEventEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"PRC for indication of Authorization Request Event 

and its relevant information. 

Sent by PEP to PDF upon receive of an Authorization 

Request. Using COPS REQ message." 
::= { goSgppEventClasses 1 } 
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go3gppAuthReqE vent Entry OBJECT-TYPE 

SYNTAX Go3gppAuthReqEventEntry 

STATUS current 

DESCRIPTION 

"An entry in the Authorization Request Event Table 
describe a single Event sent by the PEP to the PDF. 

PIB-INDEX { goSgppAuthReqEventPrid } 

UNIQUENESS { } 

::= ( go3gppAuthReqEventTable 1 } 



GoSgppAuthReqEventEntry ::= SEQUENCE { 

goSgppAuthReqEventPrid Instanceld, 
goSgppAuthReqEventBinding Infos Prid 

} 



goSgppAuthReqEventPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the goSgppAuthReqEvent class." 

::= { goSgppAuthReqEventEntry 1 } 



goSgppAuthReqEventBindinglnfos OBJECT-TYPE 

SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the first of a list of goSgppBindinglnfo 
class instances that are associated with this 
Authorization Request Event. 

A value of zeroDotZero indicates there are no 
goSgppBindingInf o class instance associated with 
this Authorization Event." 

::= ( goSgppAuthReqEventEntry 2 } 



SGPP Go Event Request Info Classes 



— SGPP GO Binding Information Table 

goSgppBindingInf oTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppBindingInf oEntry 

PIB-ACCESS notify 

STATUS current 

DESCRIPTION 

"PRC representing Binding Information. 

Sent by PEP to PDF as part of an Authorization 

Request. In a COPS REQ message." 

::= { goSgppReqInfoClasses 1 } 



goSgppBindinglnfoEntry OBJECT-TYPE 

SYNTAX GoSgppBindinglnfoEntry 

STATUS current 

DESCRIPTION 

"An entry in the Binding Information Table 

describing a single Binding Info. 

Each entry is referenced by goSgppAuthReqEventBindinglnfos 

or goSgppBindingInf oNext . " 
PIB-INDEX { goSgppBindinglnfoPrid } 
UNIQUENESS { } 
::= ( goSgppBindingInf oTable 1 } 



GoSgppBindinglnfoEntry ::= SEQUENCE { 

goSgppBindinglnfoPrid Instanceld^ 

goSgppBindinglnfoToken OCTET STRING, 
goSgppBindinglnfoFlowIds Prid, 
goSgppBindingInf oNext Prid 
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go3gppBindingInfoPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the goSgppBindingInf o class." 

::= ( goSgppBindingInf oEntry 1 } 



go3gppBindingInfoToken OBJECT-TYPE 

SYNTAX OCTET STRING 

STATUS current 

DESCRIPTION 

"The Authorization Token associated with this 
instance of the goSgppBindinglnfo class. 
Each Binding Information must have a Token." 

::= ( goSgppBindingInf oEntry 2 } 



goSgppBindingInf oFlowIds OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the first of a list of Flowlds associated 

with this instance of goSgppBindinglnfo class. 

This is the anchor of a list of goSgppFlowIdEntry 

Instances . 

A value of zeroDotZero indicates an empty list which 

is an error condition." 
DEFVAL { zeroDotZero } 
::= ( goSgppBindingInf oEntry S } 



goSgppBindingInf oNext OBJECT-TYPE 

SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the next of a list of goSgppBindinglnfo 
instances associated with an Authorization Request. 
A value of zeroDotZero indicates this is the last of 
a list of goSgppBindinglnfo instances associated with 
an Authorization Request." 

DEFVAL { zeroDotZero } 

::= { goSgppBindingInf oEntry 4 } 



— SGPP Go Authorization Request FlowID Table 

goSgppFlowIdTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppFlowIdEntry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"Represents the collection of FlowIDs." 
::= { goSgppReqInfoClasses 2 } 



goSgppFlowIdEntry OBJECT-TYPE 

SYNTAX GoSgppFlowIdEntry 

STATUS current 

DESCRIPTION 

"Each entry describes a single FlowID." 
PIB-INDEX { goSgppFlowIdPrid } 
UNIQUENESS { } 
::= { goSgppFlowIdTable 1 } 



GoSgppFlowIdEntry ::= SEQUENCE { 

goSgppFlowIdPrid Instanceld, 
goSgppFlowIdFlowId UnsignedS2, 
goSgppFlowIdNext Prid 

} 



goSgppFlowIdPrid OBJECT-TYPE 
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SYNTAX Instanceld 
STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the goSgppFlowId class." 
: := ( go3gppFlowIdEntry 1 } 

go3gppFlowIdFlowId OBJECT-TYPE 
SYNTAX Unsigned32 
STATUS current 

DESCRIPTION 

"The Flowld itself." 
: := ( goSgppFlowIdEntry 2 } 

go3gppFlowIdNext OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the next Flowld in the list associated with the 

same Binding Information of an Authorization Request. 

This points to a list of goSgppFlowIdEntry Instances. 

A value of zeroDotZero indicates end of the list." 
DEFVAL { zeroDotZero } 
::= { goSgppFlowIdEntry 3 } 



— 3GPP Go Authorization Request Decisions 

— PRCs for carrying the Event Decision send from PDF to PEP, 

— carried by the COPS DEC message. 

— These PRCs include support for Gates/Filters, QoS, ICIDs. 



Failure Decisions can be defined by use of COPS-PR DEC message 
containing first an install decision (with objects indicating 
what failed and some indication to the GGSN how to react to this 
Error Decision), and second a remove decision (for cleanup of 
the installed Error Decision Object) . 



Failures indicated by PDF to GGSN 
Authorization Failure 



Authorization Request Failure Decision Table 

go3gppAuthReqFailDecTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppAuthReqFailDecEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"The Authorization failure Table. Indicates failures decisions to the PEP. 
::= { go3gppDecInfoClasses 1 } 

go3gppAuthReqFailDecEntry OBJECT-TYPE 

SYNTAX Go3gppAuthReqFailDecEntry 

STATUS current 

DESCRIPTION 

"Each go3gppAuthReqFailDecEntry is per request." 
FIB-INDEX { go3gppAuthReqFailDecPrid } 
UNIQUENESS { } 
::= { go3gppAuthReqFailDecTable 1 } 

Go3gppAuthReqFailDecEntry ::= SEQUENCE { 

go3gppAuthReqFailDecPrid Instanceld, 

go3gppAuthReqFailDecReason INTEGER 
} 

go3gppAuthReqFailDecPrid OBJECT-TYPE 
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SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the goSgppAuthReqFailDec class." 

::= { goSgppAuthReqFailDecEntry 1 } 



go3gppAuthReqFailDecReason OBJECT-TYPE 
SYNTAX INTEGER { 

noCorrespondingSession (1), 
InvalidBundling (2), 
authorizationFailure (3) 
} 
STATUS current 

DESCRIPTION 

"Reason for Auth Request Failure Decision given by PDF: 



noCorrespondingSession: 



No corresponding session was found 
by the PDF 



InvalidBundling: 



In case the UE violates the IMS level indication 

and attempts to set up multiple IMS media components 

in a single PDP context despite of an indication that 

mandated separate PDP contexts or if the list 

of f lowidentif iers contained in the bearer authorization 

request doesn't match with the grouping indication 

information the PDF has received from the P-CSCF. 



authorizationFailure : 



The PDF is unable to authorise the binding information. 
This is a generic failure indication that can be used 
if the actual reason is not any of the other specified 
reasons . " 



{ goSgppAuthReqFailDecEntry 2 } 



— Authorization Request Decision Table 

go3gppAuthReqDecTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppAuthReqDecEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"The Authorization Request Decision Table. " 
::= { go3gppDecInfoClasses 2 } 



goSgppAuthReqDecEntry OBJECT-TYPE 

SYNTAX GoSgppAuthReqDecEntry 

STATUS current 

DESCRIPTION 

"Each go3gppAuthReqDecEntry is per Authorization Request. 
PIB-INDEX { go3gppAuthReqDecPrid } 
UNIQUENESS { } 
::= { goSgppAuthReqDecTable 1 } 



GoSgppAuthReqDecEntry ::= SEQUENCE { 

go3gppAuthReqDecPrid Instanceld, 
go3gppAuthReqDecIcids Prid, 
goSgppAuthReqDecDirDecs Prid 

} 



go3gppAuthReqDecPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the goSgppAuthReqDec class." 

::= ( goSgppAuthReqDecEntry 1 } 



goSgppAuthReqDec I cids OBJECT-TYPE 
SYNTAX Prid 
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STATUS current 

DESCRIPTION 

"References the first of a list of IcIDs associated 

with this instance of goSgppAuthReqDec class. 

There should be one IcID on this list for each Binding 

Information in the corresponding Authorization Request. 

A value of zeroDotZero indicates an empty list and there 

is no IcID change associated with this Authorization Request 

Decision . " 

DEFVAL { zeroDotZero } 

::= ( go3gppAuthReqDecEntry 2 } 



goSgppAuthReqDecDirDecs OBJECT-TYPE 

SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the first of a list of Directional Decisions 
associated with this instance of goSgppAuthReqDec class. 
There should be at least one and at most two Directional 
Decisions per Authorization Request Decision. 
Hence a value of zeroDotZero is illegal." 

::= { goSgppAuthReqDecEntry 3 } 



3GPP Go ICID Table 

goSgppIcidTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppIcidEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"Represents the collection of ICID entries'' 
::= { goSgppDecInfoClasses 3 } 



goSgppIcidEntry OBJECT-TYPE 

SYNTAX Go3gppIcidEntry 

STATUS current 

DESCRIPTION 

"Represents the ICID Entry" 
PIB-INDEX { goSgppIcidPrid } 
UNIQUENESS { go3gppIcidValue } 
::= { goSgppIcidTable 1 } 



Go3gppIcidEntry ::= SEQUENCE { 

go3gppIcidPrid Instanceld, 

goSgppIcidValue OCTET STRING, 

goSgppIcidNext Prid 



go3gppIcidPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the goSgppIcid class." 
::= { go3gppIcidEntry 1 } 



goSgppIcidValue OBJECT-TYPE 

SYNTAX OCTET STRING 

STATUS current 

DESCRIPTION 

"The ICID itself. " 
::= { goSgppIcidEntry 2 } 



go3gppIcidNext OBJECT-TYPE 

SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the next goSgppIcidEntry of a list of ICIDs 
associated with this instance of goSgppAuthReqDec class. 
There should be one ICID on this list for each Binding 
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Information in the corresponding Authorization Request. 

A value of zeroDotZero indicates the end of the list of 

ICIDs associated with an Authorization Request Decision." 
DEFVAL { zeroDotZero } 
::= { go3gppIcidEntry 3 } 



— 3GPP Go Authorization Request Directional Decision Table 

go3gppAuthReqDirDecTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppAuthReqDirDecEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"This table represents the authorization request decision for 
unique direction (e.g. uplink and downlink) ." 
::= { go3gppDecInfoClasses 4 } 



go3gppAuthReqDirDecEntry OBJECT-TYPE 

SYNTAX Go3gppAuthReqDirDecEntry 

STATUS current 

DESCRIPTION 

"There should be one of these per direction per AuthReqDec. 
PIB-INDEX { go3gppAuthReqDirDecPrid } 
UNIQUENESS { } 
::= { go3gppAuthReqDirDecTable 1 } 



Go3gppAuthReqDirDecEntry ::= SEQUENCE { 

go3gppAuthReqDirDecPrid Instanceld, 
go3gppAuthReqDirDecDirection INTEGER, 
go3gppAuthReqDirDecQos Prid, 
go3gppAuthReqDirDecGates Prid, 
go3gppAuthReqDirDecNext Prid 



go3gppAuthReqDirDecPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the go3gppAuthReqDirDec class." 

::= { go3gppAuthReqDirDecEntry 1 } 



go3gppAuthReqDirDecDirection OBJECT-TYPE 
SYNTAX INTEGER { 

uplink ( 1 ) , 
downlink (2) 
} 
STATUS current 

DESCRIPTION 

"Indicates the direction this decision applies to. 
::= ( go3gppAuthReqDirDecEntry 2 } 



go3gppAuthReqDirDecQos OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

" The Authorized QoS. References the go3gppQos class." 
::= ( go3gppAuthReqDirDecEntry 3 } 



go3gppAuthReqDirDecGates OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the first instance of a list of the go3gppGate class. 
::= ( go3gppAuthReqDirDecEntry 4 } 



go3gppAuthReqDirDecNext OBJECT-TYPE 
SYNTAX Prid 

STATUS current 
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DESCRIPTION 

"References the next instance of a list of 

goSgppAuthReqDirDec class." 
::= { go3gppAuthReqDirDecEntry 5 } 



— 3GPP Go QoS Table 

go3gppQosTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppQosEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"This table represents the Authorised QoS. 

It is referenced by the go3gppAuthReqDirDecQos entry of the 

go3gppAuthReqDirDecEntry class. " 
::= { go3gppDecInfoClasses 5 } 



go3gppQosEntry OBJECT-TYPE 

SYNTAX Go3gppQosEntry 

STATUS current 

DESCRIPTION 

"There should be one of these per direction per AuthReqDec' 
PIB-INDEX { go3gppQosPrid } 
UNIQUENESS { } 
::= { go3gppQosTable 1 } 



Go3gppQosEntry ::= SEQUENCE { 
go3gppQosPrid 
go3gppQosServiceClass 
go3gppQosDataRateUnit 
go3gppQosDataRate 

} 



Instanceld, 
INTEGER, 
INTEGER, 
Unsigned32 



go3gppQosPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the go3gppQos class." 
::= { go3gppQosEntry 1 } 



go 3 gppQos Service 


:C1 


ass OBJECT-TYPE 




SYNTAX 




INTEGER { 








qosclassA 


(1 






qosclassB 


(2 






qosclassC 


(3 






qosclassD 


(4 






qosclassE 


(5 






qosclassF 


(6 


STATUS 




current 





DESCRIPTION 

"The QoS Service Class indicates the highest authorized QoS class. 
::= { go3gppQosEntry 2 } 



go3gppQosDataRateUnit OBJECT-TYPE 
SYNTAX INTEGER { 

bps (1), 
kbps (2), 
mbps (3) 
} 
STATUS current 

DESCRIPTION 

"Indication of the unit of measure for go3gppQosDataRate, 
in bits per second, kilo bits per second, or mega bits per 
second. " 
::= { go3gppQosEntry 3 } 
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goSgppQosDataRate OBJECT-TYPE 
SYNTAX Unsigned32 
STATUS current 

DESCRIPTION 

"The Data Rate with unit of measure indicated by 

goSgppQosDataRateUnit . " 
::= { go3gppQosEntry 4 } 



3GPP Go Gate Decision Table 



— There could be one of these per direction per GateDec. 

— This is for changing Gating Status only when used alone 

— (not as part of Direction Decision) . 

— goSgppGateDec is sent in a different COPS DEC message 

— from the DEC message carrying goSgppAuthReqDec , PDF must 

— have sent a goSgppAuthReqDec before using goSgppGateDec. 

goSgppGateDecTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppGateDecEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"This table represents an updated gating decision." 
::= { goSgppDecInfoClasses 6 } 



goSgppGateDecEntry OBJECT-TYPE 

SYNTAX GoSgppGateDecEntry 
STATUS current 

DESCRIPTION 

"There should be one of these per direction per AuthReqDec. 
PIB-INDEX { goSgppGateDecPrid } 
UNIQUENESS { } 
::= { goSgppGateDecTable 1 } 



GoSgppGateDecEntry 



SEQUENCE { 



goSgppGateDecPrid Instanceld, 

goSgppGateDecDirection INTEGER, 

goSgppGateDecGates Prid, 

goSgppGateDecNext Prid 



goSgppGateDecPrid OBJECT-TYPE 
SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the goSgppGateDec class." 
::= { goSgppGateDecEntry 1 } 



goSgppGateDecDirection OBJECT-TYPE 
SYNTAX INTEGER { 

uplink ( 1 ) / 
downlink (2) 
} 
STATUS current 

DESCRIPTION 

"References the gate direction." 
::= { goSgppGateDecEntry 2 } 

goSgppGateDecGates OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the first instance of a list of goSgppGate class. 
::= { goSgppGateDecEntry S } 
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go3gppGateDecNext OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References the next instance of a list of go3gppGateDec class." 
::= { goSgppGateDecEntry 4 } 



3GPP Go Gate Table 

go3gppGateTable OBJECT-TYPE 

SYNTAX SEQUENCE OF GoSgppGateEnt ry 

PIB-ACCESS install 
STATUS current 

DESCRIPTION 

"PRC representing a Gate." 
::= { goSgppDecInfoClasses 7 } 



go3gppGateEntry OBJECT-TYPE 

SYNTAX Go3gppGateEntry 

STATUS current 

DESCRIPTION 

"Each instance represents one Gate. 
PIB-INDEX { goSgppGatePrid } 
UNIQUENESS { } 
::= { go3gppGateTable 1 } 



GoSgppGateEntry ::= SEQUENCE { 

go3gppGatePrid Instanceld, 

goSgppGateFilter Prid, 

goSgppGateStatus INTEGER, 

goSgppGateNext Prid 

} 



goSgppGatePrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the goSgppGate class." 
::= { goSgppGateEntry 1 } 



go3gppGateFilter OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"References an entry in f rwklpFilterTable (Framework PIB) 
that describes the applicable classification filter. 

When a decision requiring the definition of an IP filter 

is sent to the GGSN, the IP filter will be represented by the 

IP filter definition f rwklpFilterTable, provided by the 

Framework PIB, RFC 3318. Such IP filter f rwklpFilterTable 

must be part of the same decision message. The attribute 

go3gppGateFilter is used to reference the f rwklpFilterTable 

entry for this Gate. 

Wildcarding of the attributes for deriving the address and protocol values 

is as specified in RFC 3318 [15] . Wildcarding of the source ports is achieved as follows: 

- frwkIpFilterSrcL4PortMin shall be set to 0, 

- and f rwkIpFilterSrcL4PortMax shall be set to 65535 

The f rwkBaseFilterNegation attribute of the f rwkBaseFilterTable is 
not required, its "not-used" condition is indicated by setting its 
value to "false". 

The f rwklpFilterDscp and f rwklpFilterFlowId attributes 

of the f rwklpFilterTable are not required, their "not-used" condition is 

indicated by setting their values to -1. 
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A value of zeroDotZero indicates no filter is 
used with this goSgppGate." 
::= { goSgppGateEntry 2 } 

go3gppGateStatus OBJECT-TYPE 

SYNTAX INTEGER { 

close (1) , 
open (2) 
} 
STATUS current 

DESCRIPTION 

"Indicates if this gate will allow traffic to flow." 
DEFVAL { close } 

::= { goSgppGateEntry 3 } 

go3gppGateNext OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"Reference the next Gate on a list of go3gppGate instances. 
A value of zeroDotZero indicates this is the last Gate 
on the list . " 
;:= { go3gppGateEntry 4 } 



3GPP Go Reports 

PRCs for carrying the Decision enforcement result sent from PEP to PDF, 
carried using the COPS REPORT message. 

These PRCs include support for the success or failure of the PEP in 
carrying out the PDF ' s decision or -change of the state in the GGSN. 

go3gppReportTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppReportEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"This table represents the success or failure of the decision enforcement and 
state changes in the PEP . " 
::= { go3gppReportClasses 1 } 

go3gppReportEntry OBJECT-TYPE 

SYNTAX Go3gppReportEntry 

STATUS current 

DESCRIPTION 

PIB-INDEX { go3gppReportPrid } 

UNIQUENESS { } 

::= { go3gppReportTable 1 } 

Go3gppReportEntry ::= SEQUENCE { 

go3gppReportPrid Instanceld, 
go3gppReportStatus INTEGER, 
go3gppReportDetails Prid 



go3gppReportPrid OBJECT-TYPE 
SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the go3gpgReport class." 

::= { go3gppReportEntry 1 } 



go3gppReportStatus OBJECT-TYPE 
SYNTAX INTEGER { 



success (1) 
failure (2) 
usage (3) 



STATUS 
DESCRIPTION 



£75/ 



3GPP TS 29.207 version 5.4.0 Release 5 45 ETSI TS 1 29 207 V5.4.0 (2003-06) 

"When Status is: 

success: Indicates the successful implementation of the 
decision. 
go3gppReportDetails : 

Reference an instance of go3gppRprtGPRSChrgInfo 
for initial authorization request decision; 
References nothing otherwise (contains the value 
zeroDotZero) . 

Failure: Indicates the failure of implementing the decision. 

goSgppReportDetails may references an Error object^ 
or may have the value zeroDotZero when no error 
object is needed, in which case COPS and COPS-PR 
error codes and error objects are sufficient. 
Usage: goSgppReportDetails references an instance of 
goSgppRprtUsage class." 

::= { go3gppReportEntry 2 } 

goSgppReportDetails OBJECT-TYPE 
SYNTAX Prid 

STATUS current 

DESCRIPTION 

"May reference an instance of goSgppRprtCPRSChrglnfo, 

goSgppRprtError (not defined), or go3gppRprtUsage class, 

or may have the value of zeroDotZero depending on the value of 

go3gppReportStatus . " 
::= { goSgppReportEntry 3 } 

go3gppRprtGPRSChrgInfoTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppRprtGPRSChrgInf oEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 

"This table represents the GPRS Charging information" 
::= { go3gppReportClasses 2 } 

go3gppRprtGPRSChrgInfoEntry OBJECT-TYPE 

SYNTAX Go3gppRprtGPRSChrgInfoEntry 

STATUS current 

DESCRIPTION 

"This entry represents the GPRS Charging Identifier and GGSN address." 
PIB-INDEX { go3gppRprtGPRSChrgInfoPrid } 
UNIQUENESS { go3gppRprtGPRSChrgInf oAddrType, 

go3gppRprtGPRSChrgInfoGGSNAddr, 

go3gppRprtGPRSChrgInfoGCID } 
::= { go3gppRprtGPRSChrgInfoTable 1 } 

Go3gppRprtGPRSChrgInfoEntry ::= SEQUENCE { 

go3gppRprtGPRSChrgInf oPrid Instanceld, 

go3gppRprtGPRSChrgInfoAddrType InetAddressType, 

go3gppRprtGPRSChrgInfoGGSNAddr InetAddress, 
go3gppRprtGPRSChrgInfoGCID OCTET STRING 



go3gppRprtGPRSChrgInfoPrid OBJECT-TYPE 

SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 
instance of the go3gpgRprtGPRSChrgInfo class." 
::= { go3gppRprtGPRSChrgInfoEntry 1 } 

go3gppRprtGPRSChrgInf OAddrType OBJECT-TYPE 
SYNTAX InetAddressType 

STATUS current 

DESCRIPTION 

"The address type enumeration value to specify 
the type of the packet's IP address." 
REFERENCE 
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"Textual Conventions for Internet Network Addresses [INETADDR]." 
::= { go3gppRprtGPRSChrgInfoEntry 2 } 

go3gppRprtGPRSChrgInfoGGSNAddr OBJECT-TYPE 
SYNTAX InetAddress 

STATUS current 

DESCRIPTION 

"Contains the IP Address of the GGSN providing the GCID 

upon successful handling of an Authorization Request." 
REFERENCE 

"Textual Conventions for Internet Network Addresses [INETADDR]." 

::= { goSgppRprtCPRSChrglnfoEntry 3 } 

go3gppRprtGPRSChrgInfoGCID OBJECT-TYPE 
SYNTAX OCTET STRING 

STATUS current 

DESCRIPTION 

"The GPRS Charging ID related to this Authorization Request." 
::= { go3gppRprtGPRSChrgInfoEntry 4 } 



Notice go3gppRprtError PRC is currently not defined because all 
error condition handling is satisfactorily covered by using the 
standard COPS-PR error handling mechanism and error objects. 
go3gppRprtError PRC should only be used for 3GPP GO Application 
error indications if necessary. 



go3gppRprtUsageTable OBJECT-TYPE 

SYNTAX SEQUENCE OF Go3gppRprtUsageEnt ry 

PIB-ACCESS notify 
STATUS current 

DESCRIPTION 



{ go3gppReportClasses 3 } 



go3gppRprtUsageEntry OBJECT-TYPE 

SYNTAX Go3gppRprtUsageEntry 

STATUS current 

DESCRIPTION 

"This entry represents the PEP state changes. 
PIB-INDEX { go3gppRprtUsagePrid } 
UNIQUENESS { go3gppRprtUsageIndicat ion } 
::= { go3gppRprtUsageTable 1 } 



Go3gppRprtUsageEntry ::= SEQUENCE { 

go3gppRprtUsagePrid Instanceld, 
go3gppRprt Usage Indication INTEGER 

} 



go3gppRprtUsagePrid OBJECT-TYPE 
SYNTAX Instanceld 

STATUS current 

DESCRIPTION 

"An arbitrary integer index that uniquely identifies an 

instance of the go3gpgRprtUsage class." 

::= { go3gppRprtUsageEntry 1 } 



go 3 gppRprt Us age Indication OBJECT-TYPE 
SYNTAX INTEGER { 

chngdToOkbs (1), 
chngdFromOkbs (2) } 
STATUS current 

DESCRIPTION 

"Indication of GPRS Usage change. 
ChngdToOkbs indicates changing to Okbs, 
ChngdFromOkbs indicates changing from Okbs . " 
::= { go3gppRprtUsageEntry 2 } 
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Conformance Section 



go3gppCompliances 
goSgppGroups 



OBJECT IDENTIFIER 
OBJECT IDENTIFIER 



{ go3gppConformance 1 
( go3gppConf ormance 2 



goSgppCompliance MODULE-COMPLIANCE 
STATUS current 
DESCRIPTION 

"Describes the requirements for conformance to the 

3GPP GO PIB. " 



MODULE FRAMEWORK-PIB 

MANDATORY-GROUPS { 

frwkPrcSupport Group, 
f rwkDeviceldCroup, 
frwkBaseFi Iter Group, 
f rwklpFilterCroup } 



— Defined in RFC 3318 [15] 



MODULE G03GPP-PIB — this module 
MANDATORY-GROUPS { 

go3gppAuthReqCapGroup, 

go3gppAuthReqDecCapGroup, 

go3gppAuthReqHandlerGroup, 

go3gppAuthReqEventGroup, 

go3gppBindingInfoGroup, 

go3gppFlowIdGroup, 

go3gppAuthReqFailDecGroup, 

go3gppAuthReqDecGroup, 

go3gppIcidGroup, 

go3gppAuthReqDirDecGroup, 

go3gppQosGroup, 

go3gppGateDecGroup, 

go3gppGateGroup, 

go3gppReport Group, 

go3gppRprtGPRSChrgInfoGroup, 

go3gppRprtUsageGroup } 

::= { go3gppCompliances 1 } 



go3gppAuthReqCapGroup OBJECT-GROUP 
OBJECTS { 

go3gppAuthReqCapBindingInfos, 
go3gppAuthReqCapFlowIds 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB Objects that describe the 
Authorization Request capabilities." 
::= { go3gppGroups 1 } 

go3gppAuthReqDecCapGroup OBJECT-GROUP 
OBJECTS { 

go3gppAuthReqDecCapIcids 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the Authorization Decision capabilities." 
::= { go3gppGroups 2 } 

go3gppAuthReqHandlerGroup OBJECT-GROUP 
OBJECTS { 

go3gppAuthReqHandlerEnable, 
go3gppAuthReqHandlerBindingInf o 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the Authorization request event handler." 
::= { go3gppGroups 3 } 
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goSgppAuthReqEvent Group OBJECT-GROUP 
OBJECTS { 

goSgppAuthReqEvent Binding Infos 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the Authorization request events." 
::= { goSgppGroups 4 } 

go3gppBindingInfoGroup OBJECT-GROUP 
OBJECTS { 

goSgppBindinglnfoToken, 
goSgppBindinglnfoFlowIds, 
goSgppBindingInf oNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the binding information." 
::= { goSgppGroups 5 } 

goSgppFlowIdCroup OBJECT-GROUP 
OBJECTS { 

goSgppFlowIdFlowId, 
goSgppFlowIdNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the flow identifier." 
::= { goSgppGroups 6 } 

goSgppAuthReqFailDecGroup OBJECT-GROUP 
OBJECTS { 

goSgppAuthReqFailDecReason 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the Authorization failure decisions." 
::= { goSgppGroups 7 } 

goSgppAuthReqDecGroup OBJECT-GROUP 
OBJECTS { 

goSgppAuthReqDecIcids, 
goSgppAuthReqDecDirDecs 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the Authorization decisions." 
::= { goSgppGroups 8 } 

goSgppIcidCroup OBJECT-GROUP 
OBJECTS { 
goSgppIcidValue, 
goSgppIcidNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the ICID." 
::= { goSgppGroups 9 } 

goSgppAuthReqDirDecGroup OBJECT-GROUP 
OBJECTS { 

goSgppAuthReqDirDecDirection, 
goSgppAuthReqDirDecQos, 
goSgppAuthReqDirDecGates, 
goSgppAuthReqDirDecNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the authorization decision direction." 
::= { goSgppGroups 10 } 



£75/ 



3GPP TS 29.207 version 5.4.0 Release 5 



49 



ETSI TS 129 207 V5.4.0 (2003-06) 



go3gppQosGroup OBJECT-GROUP 
OBJECTS { 

goSgppQosServiceClass, 
go3gppQosDataRateUnit, 
go3gppQosDataRate 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the QoS information. 
::= { goSgppGroups 11 } 

go3gppGateDecGroup OBJECT-GROUP 
OBJECTS { 

goSgppGateDecDirection, 
go3gppGateDecGates, 
goSgppGateDecNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the Gate decision." 
::= { goSgppGroups 12 } 

goSgppGateCroup OBJECT-GROUP 
OBJECTS { 
goSgppGateFilter, 
goSgppGateStatus, 
go3gppGateNext 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the gate." 
::= { goSgppGroups 13 } 



goSgppReportCroup OBJECT-GROUP 
OBJECTS { 

goSgppReportStatus, 
go 3 gppReport Details 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the PEP reports." 
::= { goSgppGroups 14 } 

go3gppRprtGPRSChrgInfoGroup OBJECT-GROUP 
OBJECTS { 

go3gppRprtGPRSChrgInfoAddrType, 
goSgppRprtGPRSChrglnfoGGSNAddr, 
go3gppRprtGPRSChrgInfoGCID 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 

Objects that describe the charging information. 
::= { goSgppGroups 15 } 

goSgppRprtUsageCroup OBJECT-GROUP 
OBJECTS { 

go 3 gppRprt Us age Indication 
} 

STATUS current 
DESCRIPTION 

"This Group defines the PIB 
Objects that describe the report usage." 
::= { goSgppGroups 16 } 
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Annex C (normative): 

Flow identifiers: Format definition and examples 



C.1 Format of a flow identifier 



A flow identifier is expressed as a 2-tuple as follows: 

<Media component no, IP flow no.> 
where both are numbered starting from 1. The encoding of the flow identifier is as indicated in 3GPP TS 24.008 [12]. 



Media component no. 



IP flow no. 



C.2 Example 1 



The second "m=" - line in the SDP information contains one RTP media specification, as follows: 

m=video 49160 RTP/AVP31 
Two flow identifiers are assigned as shown in the table below: 



IP flow 


Port number 


Flow identifier. 


RTP 


49160 


<2,1> 


Associated RTCP 


49161 


<2,2> 



C.3 Example 2 



In the general case, multiple ports may be specified with a "number of ports" qualifier as follows, RFC 2327 [17]: 

m=<media> <port>/<number of ports> <transport> <fmt list> 
If the third "m="-line indicates a series of port numbers as follows: 

m=video 49170/2 RTP/AVP 31 
Four flow identifiers are assigned as shown in the table below: 



IP flow 


Port number 


Flow identifier. 


First RTP 


49170 


<3,1> 


First associated RTCP 


49171 


<3,2> 


Second RTP 


49172 


<3,3> 


Second associated 
RTCP 


49173 


<3,4> 
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Annex D (normative): 

Go interface related error code values for the PDP context 

handling 

The following error codes are used to indicate Go interface related errors from the GGSN to the UE. The error codes 
listed below are transferred to the UE in the Protocol Configuration Options information element as defined in 
3GPPTS 24.008 [12]: 

The error code values transported in the container contents field shall be the binary representations of the error 
code numbers listed below. 

In all the cases listed below a common GTP cause code, "User authentication failed", see 3GPP TS 29 060 [20], 
shall be used in the response message. 

Error code No. 1 "Authorization failure of the request" 

This error code indicates that the secondary PDP context activation or PDP context modification request is rejected 
because the authorizing entity is unable to provide an authorization decision for the binding information. 

Error code No. 2 "Missing binding information" 

This error code indicates that the secondary PDP context activation or PDP context modification request is rejected 
because the binding information was not included in the request although required. 

Error code No. 3 "Invalid binding information" 

This error code indicates that the secondary PDP context activation or PDP context modification request is rejected 
because the authorizing entity could not be resolved from the binding information. 

Error code No. 4 "Binding information not allowed" 

This error code indicates that the secondary PDP context activation or PDP context modification request is rejected 
because the Go interface is disabled or not supported in the GGSN and hence binding information is not allowed. The 
error code may also indicate that the PDP context modification is rejected because binding information is not allowed 
for modification of previously non-authorised PDP context or that the binding information is not allowed when the PDP 
context is indicated to be used for IMS signaling. 

Error code No.5 "Authorizing entity temporarily unavailable" 

This error code indicates that the secondary PDP context activation or PDP context modification request is rejected 
because the authorizing entity indicated by the binding information is temporarily unavailable. 

Error code No. 6 "No corresponding session" 

This error code indicates that the secondary PDP context activation request is rejected because the authorizing entity 
cannot associate the Authorisation token of binding information with any ongoing session or binding information 
contains invalid flow identifier(s).The error code also indicates that the PDP context modification request is rejected by 
the authorizing entity because the authorization token has changed or the binding information contains invalid flow 
identifier(s). 

Error code No. 7 "Invalid bundling" 

This error code indicates that the secondary PDP context activation request is rejected because the authorizing entity 
doesn't allow the grouping of the flow identifiers contained in the PDP context activation request to be carried in the 
requested PDP Context. 
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Annex E (informative): 

Overview of the 3GPP Go PIB working mode 

When the GGSN initiaHse for the first time, the PEP instances are initialised. The GGSN will use a TCP connection 
with the PDF (that will be created as specified in the normative text above subclause 6.1.1) in order to transport COPS 
protocol. 

Then, the GGSN sends the first COPS REQ message to the PDF indicating capabilities and the supported PRCs. This is 
done using: 

frwkSupportXable containing the supported PRCs and attributes. 

frwkDeviceldXable used to facilitate efficient policy communication by a PDP. The PDP can take into account 
certain device characteristics during policy installation as hardware and software of the GGSN, or maximum COPS- 
PR message size. 

go3gppAuthReqCapTable indicating the maximum number of Binding Information and maximum number of 
Flow Identifiers the PEP can send with each Authorization Request. 

go3gppAuthReqDecCapTable indicating the maximum number of ICID possible in a single Authorization Request 
Decision. 

Then, the PDF send to the PEP PRCs for indicating how to handle each kind of event that require actions by the Go 
interface. This is done in a COPS DEC message using: 

go3gppAuthReqHandlerTable indicating Go actions to take at the GGSN when an Authorization Request Event is 
detected by the GGSN (an example of an Authorization Request Event is the receive of a PDP Context message); 
the maximum number of Binding Information associated with each Authorization Request; and if COPS Req. can be 
triggered, are also indicated here. 

Then, the GGSN will send PRCs to the PDF in a COPS REQ indicating the detection of specific events in the GGSN 
(i.e. when the GGSN receives the PDP context activation). Information required to PDF on behave of GGSN is carried 
also by REQ messages. This is done using: 

go3gppAuthReqEventTable indicates Authorization Request Event and its relevant information (binding 
information go3gppBindingInfoTable, go3gppFlowIDTable). 

Then, PRCs carrying the Event Decision sent from PDF to PEP are carried by the COPS DEC message. These PRCs 
include support for Gates/Filters, QoS, ICIDs. 

If the authorization request is rejected (for reasons such as no corresponding session was found by the PDF, 
incorrect bundling and others) a COPS-PR DEC containing the reason (go3gppAuthReqFailDecTable) is sent. 

If not, the following PRCs are sent: 

go3gppAuthReqDecTable indicates an ICID for each binding information received. To do so, table 
go3gppIcidTable is used. Also for each binding information a Directional Decision is sent 
(go3gppAuthreqDirDecTable) 

Within the later the following is indicated: 

- The direction where the decision applies (uplink or downlink). 

- The Auth QoS (go3gppQoSTable) indicating the service class through DSCP encoding, and the data rate 
to be applied in the PDP requesting authorization. 

The gate definition (go3gppGateTable): including status (open/closed), and Ip filter definition through 
the frwkBaseFilterXable and frwklpFilterXable (which includes source and destination address, port, 
protocol, etc). 

There is, also, the possibility of sending, in a different COPS DEC message from the one carrying the 
go3gppAuthReqDec, information about changing status of the Gate. This is done using the go3gppGateDecXable, that 
includes the direction to which this decision applies and a reference to a go3gppGateTable. 
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Finally, the PEP will send to the PDF PRCs with the information on the Decision enforcement result. This is done in the 
COPS REPORT message. These PRCs include support for the success or failure of the PEP in carrying out the PDF's 
decision or change of the state in the GGSN, and are: 

go3gppReportTable will indicate the status of the enforcement: success or failure or usage. 

- If success, then, the go3gppRprtGPRSChrgInfoTable is sent to indicate the details for charging (GGSN 
address and GCID). 

If failure, then, the standard COPS-PR error handling mechanism and error objects are enough. 

Usage means that GPRS Usage has changed to 0kbps or from 0kbps. go3gppUsageTable is used. 

To be conformant to the Go PIB, on top of the Go PIB PRCs defined in the present document, is mandatory to include 
from the framework PIB: frwkPrcSupportGroup, frwkDeviceGroup. 

The PDF can revoke the authorization by using the Remove_Decision at any time the current specification indicates that 
this action is required. The GGSN sends a COPS DRQ message to ultimately remove the corresponding state in the 
PDF. 

The Handle included in the COPS message will be used as the unique number to correlate all the COPS messages with 
the same dialogue. 
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Annex F (informative): 
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